> To be contrarian for a moment....
>
> In the "old days" (a few months ago) the only real difference for a
> customer between most CAs was how widely their trust was distributed.

As far as I can see, trust is still distributed equally and broadly. That's the nature of the homogenising design, right? It's too early to call a difference from the Chrome clawback (aka pinning).

> What platforms (Windows, which mobile phones, etc).

You're talking about their root certificate, not trust.

> Today, maybe that has changed ever so slightly? If a customer now
> fears that their/A CA will actually get de-listed from the popular
> platforms, thus causing them an outage, maybe customers start
> demanding CAs that are less likely to get de-listed? Maybe ones that
> can demonstrate better security controls, or somesuch?

I'd be more worried about the somesuch. The fact that CAs are issuing certificates without due cause & contract is far more important than they stop issuing. One causes a momentary outage (which happens every year or two anyway) ... The other can cause MITMs! Ask google! And, there ain't a damn thing the subscriber or its CA can do.

> This isn't to say it justifies or supports the marketing campaign, but
> perhaps there is a real message hidden in there after all? :)

yeah but the marketing people at semantic are addicted to their own kool-aid. Any marketing done now would be a mistake. Not enuf time for the full lessons to be learnt, dust still settling. E.g. OCSP. Black or white?

Iang
