On Tuesday, November 27, 2012 12:16:07 AM Gregory Maxwell wrote:
> On Mon, Nov 26, 2012 at 6:44 PM, Luke-Jr <l...@dashjr.org> wrote:
> > On Monday, November 26, 2012 11:32:46 PM Gregory Maxwell wrote:
> >> Would you find it acceptable if something supported a static whitelist
> >> plus an OS provided list minus a user configured blacklist and the
> >> ability for sophisticated users to disable the whitelist?
> >
> > How is this whitelist any different from the list of CAs included by
> > default with every OS?
>
> Because the list is not identical (and of course, couldn't be without
> centralizing control of all OSes :P ) meaning that the software has to
> be set up in a way where false-positive authentication failures are a
> common thing (terrible for user security) or merchants have to waste a
> bunch of time, probably unsuccessfully, figuring out what certs work
> sufficiently 'everywhere' and likely end up handing over extortion
> level fees to the most well established CAs that happen to be included
> on the oldest and most obscure things.

There is a common subset of CAs which are included in all OSs. That's the
"whitelist equivalent". We or someone else could even set up a list of these
common CAs for merchants if that is needed. The fees CAs charge for certs are a
flaw in the CA model in general, I don't see that it's important for us to
solve it.

_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
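
Added example, not part of the thread or of any Bitcoin code: a Python sketch of the two policies discussed above, computing the common subset of roots across OS trust stores and the "static whitelist plus OS list minus user blacklist" set, and listing which platforms would reject a given root. The platform names and certificate bytes are constructed placeholders, and treating "disable the whitelist" as falling back to the OS list minus the blacklist is an assumption.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem(der: bytes) -> str:
    """Wrap DER bytes in PEM armor (used to build the constructed samples)."""
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"

def fingerprints(bundle: str) -> set:
    """SHA-256 fingerprint of every certificate in a PEM bundle."""
    return {hashlib.sha256(base64.b64decode("".join(m.split()))).hexdigest()
            for m in PEM_RE.findall(bundle)}

def common_subset(stores: dict) -> set:
    """Roots present in every store: the 'whitelist equivalent'."""
    return set.intersection(*(fingerprints(b) for b in stores.values()))

def effective_trust(static_whitelist, os_bundle, blacklist, use_whitelist=True):
    """Static whitelist plus OS list minus user blacklist; whitelist optional."""
    trusted = fingerprints(os_bundle)
    if use_whitelist:
        trusted |= fingerprints(static_whitelist)
    return trusted - fingerprints(blacklist)

def rejecting_platforms(root_pem: str, stores: dict) -> list:
    """Platforms whose store lacks the given root (authentication would fail)."""
    (fp,) = fingerprints(root_pem)
    return sorted(n for n, b in stores.items() if fp not in fingerprints(b))

# Constructed placeholders: arbitrary bytes standing in for root certificates.
ROOT_A, ROOT_B, ROOT_C = (pem(b"constructed-root-" + x) for x in (b"A", b"B", b"C"))
STORES = {  # hypothetical platform names
    "os-one": ROOT_A + ROOT_B + ROOT_C,
    "os-two": ROOT_A + ROOT_B,
    "os-three": ROOT_A + ROOT_C,
}
```

Matching on whole-certificate fingerprints treats a re-issued or cross-signed root with the same key as a different entry, so a real comparison may need to key on subject and public key instead.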