On Fri, Jan 4, 2013 at 8:41 PM, John Case <c...@sdf.org> wrote: > > Let's assume hardware is zero ... it's a really variable cost, so I assume > (correct me if I'm wrong) that it is a trivial cost compared to legal and > audit costs, etc. > > So what does it cost to start a root CA, get properly audited (as I see the > root CAs are) and get yourself included into, say, firefox or chrome ? > > A followup question would be: > > Is inclusion of a root CA in the major browsers a "shall issue" process ? > hat is, you meet the criteria and you get in ? Or is it a subjective, > political process ? > > Finally, it seems to me that since there re so few root CAs (~30 ?) and the > service provided is such an arbitrary, misunderstood one, that existing CAs > would be actively trying to prevent new entrants ... and establish > themsevles as toll collectors with a pseudo monopoly ... what evidence (if > any) do we have that they are pursuing such an ecosystem ?
Many today say that there are too many root CA, not a few. Is not it? https://www.eff.org/observatory. have i missing something ? best > > Thank you. > _______________________________________________ > cryptography mailing list > cryptography@randombit.net > http://lists.randombit.net/mailman/listinfo/cryptography _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography