Heikki Toivonen wrote: > I haven't yet read the EV draft fully to see how closely it matches my > expectations, but commentary from other people seems to indicate it is > reasonable (barring some bugs and clarifications). I believe it will > improve the situation. I know it won't be 100% foolproof, but then again > I don't think anything can be.
How can it be considered reasonable if the number of businesses using EV certificates will be relatively low? shouldn't Mozilla and other interested parties that are supposed to be looking out for their users actually be doing something that will work for all sites? Having a big bank account doesn't equate to trust, look at the Enrons of the world. This is of course where trust bar et al comes in, they don't require a monetary barrier to entry, which isn't a barrier to entry for those suitably motivated. And no matter what Gerv says, the crux of the issue is this is all about monetary barriers to entry because all it takes is enough money and any of the barriers thought thus far up can be over come. -- Best regards, Duane http://www.cacert.org - Free Security Certificates http://www.nodedb.com - Think globally, network locally http://www.sydneywireless.com - Telecommunications Freedom http://e164.org - Because e164.arpa is a tax on VoIP "In the long run the pessimist may be proved right, but the optimist has a better time on the trip." _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
