Everything I have ever said on this thread can now be found in one article:


This was by invitation of the CA Security Council a few months ago.

I have never worked for a CA and I have never had any reason to say anything in 
favor of CA’s or EV certificates. This is important to say because some people 
will automatically assume that I’m on one side of this debate. 

A few people asked me off-list for my “white paper”. I don’t have one. But this 
has more than 5,000 words and will likely be turned into one - if I can find 
someone to clean it up and make it better. 


dev-security-policy mailing list

Reply via email to