Ian G <[EMAIL PROTECTED]> writes: >In the below, John posted a handy dandy table of cert prices, and Nelson >postulated that we need to separate high assurance from low assurance. >Leaving aside the technical question of how the user gets to see that for >now, note how godaddy charges $90 for their high assurance and Verisign >charges $349 for their low assurance. > >Does anyone have a view on what "low" and "high" means in this context?
Given the universal implicit cross-certification model used in browsers, mailers, etc etc, the only things that "Low" and "High" apply to are price, not assurance. (UIXC means that all certs are implicitly trusted equally, which is the same as having all CAs cross-certify all other CAs. The effect of either implicitly or explicitly doing this is that all CAs are only as secure as the least secure CA, and the only certificate that it makes any sense to buy is the cheapest one). >Indeed, what does "assurance" mean? You are assured that your credit card will be charged before the certificate is issued. Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
