Everything I have ever said on this thread can now be found in one article:
https://casecurity.org/2019/10/10/the-insecure-elephant-in-the-room/

This was by invitation of the CA Security Council a few months ago. I have never worked for a CA and I have never had any reason to say anything in favor of CAs or EV certificates. This is important to say because some people will automatically assume that I’m on one side of this debate.

A few people asked me off-list for my “white paper”. I don’t have one. But this has more than 5,000 words and will likely be turned into one - if I can find someone to clean it up and make it better.

Thanks,
Paul
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy