Correct. The cost of being CA is equal to the cost of getting CA signing pub 
key into the target audience browsers.

You can (sorted by increasing security, starting with zero):

1 - go through browser vendors, 
2 - have your users to install additional CA key into their existing browsers 
(and perhaps remove others), or
3 - distribute your own browser package.

Pick one.

> The policies are set by the browsers/root store operators -
> not CAs.

cryptography mailing list

Reply via email to