Our collective trust in a system like bitcoinID is based upon our trust in the Certificate Authority (CA) that issued the Class 1 or Class 2 S/MIME certificate. This article
does a nice job of highlighting some of the problems with our current PKI. The article tells us how the Comodo Certificate Authority recently issued some fraudulent certificates, thereby undermining the trust bestowed upon them by the PKI community.
Certificate Revocation is another important feature of our PKI. That is, if a digital certificate is lost or stolen, the CA adds the certificate to their Certificate Revocation List (CRL), thus making everyone aware that the certificate should no longer be honored. The aforementioned article points out that many PKI aware applications don't bother to check CRL's before giving the user the the green light. This is primarily due to the fact that CRL checks are disabled by default in a number of popular web apps. Although the article is discussing SSL certificates issued for web sites, CRLs are also used for S/MIME certificates. I would like to add at this point that bitcoinID.com does check CRLs before issuing a bitcoinID.
As a practical matter, two CAs, GlobalSign and Comodo each offer Class 2 S/MIME certificates. Comodo is selling theirs for $12, and GlobalSign is selling theirs for $60. I have spoken with both of these companies and the vetting process they use appears to be identical. Look here
at the description for Level 3 Security if you are interested in knowing more about what the vetting process involves. I would like to know what others think about the huge disparity in price between these two products. Has Comodo been black balled by the PKI community as a result of the recent security breach? Is anyone willing to pay 5 times more for a GlobalSign certificate?