Sometimes you can’t, and a good "sue me here" certificate system would usually
prevent a legally unreachable web site from getting a "you can sue me in Canada"
certificate. A Chinese site should not get a "you can sue me in
Canadian court" certificate unless either Canada has comity with China with
respect to the subject matter (here fraud), or the entity has reachable
assets or business interests in Canada and the local court has personal
jurisdiction. A starting point for discussions of comity and personal
jurisdiction over Internet activities, U.S. style (which is similar to
Canada) can be found at <temple.edu>.
To the extent a CA system falls short (especially with false positives, but
also with false negatives) in failing to provide an accurate "you can sue me"
certificate, it will be a less perfect solution to phishing. Maybe the
problem you point to is fatal to the idea; OTOH maybe in the long run it
won’t be a big deal. The jury is going to be out for a while yet.—szabo