On topic for the thread: I don't *think* there's currently any insurance companies with special policies for CA:s. There might be about 600 organizations that can issue SSL certs according to EFF, but there's more insurance companies than that in the world. Most of them probably don't have many CA:s as clients.
--- About what's on/off topic: Well, I guess many would agree that a strong cryptographic algorithm/protocol is useless if the implementation is bad, so that would be relevant (like SSL and relying on CA:s). If you are interested about cryptography, I assume you want it to be used right. But then again, there's a limit for when it's too far off topic. So I guess the real question is *what is too off-topic*? I guess we need some consensus about what's too off topic. It makes sense to talk about why a clever algorithm that is useless *is* useless (like most of quantum crypto). But if a question about insurance companies and their incentives to push a CA to improve security strays into talk about general insurance company policies or even away from anything related to security or trust, that's too far off topic IMHO. But a discussion about the incentives for CA:s do do the right thing seems enough on topic to me, because SSL as designed is useless without secure CA:s (not considering Perspectives or MonkeySphere unless either gets momentum enough for widespread use). Making SSL work in real life is on topic for this list, right? That's what I'm assuming. If somebody wants there to be a pure cryptography mailing list and separate more generic one (like this one currently is), I think that person would have to try starting a more strict crypto mailing list, because I don't think most people here would want the rules here to get stricter or that they would want to switch to a different list that would be just like this one is now. We also don't want too many different lists. 2013/1/25 Paul Hoffman <paul.hoff...@vpnc.org> > Since there isn't a strong list moderator here, I gotta ask: is this (and > similar PKIX-is-broken threads) on-topic for this mailing list? Regardless > of how much I agree with the sentiment, it seems to have nothing to do with > cryptography. Maybe someone should set up a post-pki mailing list for such > threads? (Or maybe I should be less cranky?) > > --Paul Hoffman > _______________________________________________ > cryptography mailing list > cryptography@randombit.net > http://lists.randombit.net/mailman/listinfo/cryptography >
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
