Xiaohui Lam <[email protected]> writes: >Are you suggesting that WebPKI encourages large monopolies?
Absolutely, but it actually does more than that, the high barriers to entry and high cost to remain have three effects: 1. Only large monopoly CAs tend to prosper (government- and corporate-backed vanity CAs with independent funding are another matter, but then they only issue vanity certs so barely count). 2. Everyone becomes a reseller for a CA (with minimal controls and checks and balances) rather than a full CA (with audits and checks and balances). 3. Because of this there's an impenetrable mass of cross-certifications of sub-CAs that make it more or less impossible to determine whether you've ever managed to knock out a rogue player. In effect the Web PKI selects for the worst possible type of PKI. Peter. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/SY4PR01MB6251939EA4DCA0C269AF64C3EE05A%40SY4PR01MB6251.ausprd01.prod.outlook.com.
