Ian asked:

#Right -- how to fix the race to the bottom?

Wasn't that supposed to be part of the Extended Validation solution? If it has failed at that, and I could see arguments either way, the other "natural" solution is probably government regulation. It likely wouldn't be pretty, but imagine:

-- governmental accreditation of CAs (instead of, or in addition to, browser vendor/CAB reviews)

-- governmental minimum price points for regulated products (thereby eliminating the race to the bottom, or competition on pricing in general)

-- potentially government required insurance bonds, protecting the public against negligence or malfeasance

-- governmental audits/reviews of CA compliance

-- pressure on third parties to make sure that PCI-DSS and similar regulations mandate use of government approved CAs, only

Of course, this may be one of those "Be careful what you wish for" scenarios, eh?

Regards,

Joe (someone who's generally NOT a big fan of direct government intervention)

Disclaimer: all opinions strictly my own.

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography