On Wed, May 18, 2016 at 04:35:49PM +0000, Ben Wilson wrote:
> Looking at the threat from a defense-in-depth/orthogonal perspective,
> doesn't it make sense that everyone -- browsers, ICANN, CAs, etc. -- does
> something to combat malicious websites for the public?

Because the next steps after "we must do something!" are invariably "this is something" and "we must do this", regardless of efficacy. We can't get CAs to do what they *have* to do (attest as to identity) in a reliable manner; how is heaping more nuanced decision-making on them going to help?

As far as browsers doing "something" to combat malicious websites, they are doing plenty already, with things like the Google Safe Browsing list. Not everything needs to be hit with the CA stick.

- Matt

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

