What is the point of encryption if you don't know who for?

IN SUMMARY

An SSL encrypted session between web browser and the web server provides a secure tunnel, but by default does not provide assurance in the identity of the end entity. Whilst a few high assurance providers continue to offer high assurance validation processes, many more low assurance providers are entering the market offering high speed, low value automated validation procedures. These low assurance products are not appropriate for encryption and do not provide either reliable privacy or trust.

Enterprises have a responsibility to ensure that the use of high assurance SSL certificates provides customers with the identity assurance and confidence to make safe, secure on-line transactions.

• The validation techniques followed by Certification Authorities should constantly be reviewed, refined and improved.
• The techniques should be audited by a centralized independent body.
• Proven adherence to those techniques should form the minimum entry criteria for any Certification Authority to have their root certificates accepted by Browser providers.

The goal of ever increasing security should drive future standards with entity authentication an absolute minimum where encryption and trust is required. After all,
What is the point of encryption if you don't know who for?

1. http://dictionary.reference.com/search?q=encryption, definitions copyright of Houghton Mifflin Company
2. http://news.netcraft.com/archives/web_server_survey.html
3. http://wp.netscape.com/certificate/v1.0/evalguide/
4. http://www.eucybervote.org/Reports/MSI-WP2-D7V1-V1.0-02.htm
5. http://en.wikipedia.org/wiki/DNS_cache_poisoning
6. http://archive.dante.net/np/ds/osi/9594-6-X.520.A4.ps