Eddy Nigg (StartCom Ltd.) wrote:
> Well, if you really believe that there indeed was a company called
> "CLICK YES TO CONTINUE", then I can't help you... :-)

Actually, I am almost certain that you could register a company with
that name in the US. I remember reading, many years ago, that there were
companies called "Whatever", "I don't care", "The cheapest" and similar
weird names. Weird, that is, until you realized that they were long
distance phone companies. The way that naming worked was that a user
would call an operator to make a long distance phone call, and the
operator would ask which long distance company the caller wanted...

> Sorry, perhaps I didn't make myself clear enough...The new guidelines
> for auditing EV by WebTrust might be just perfect, but the problem is
> the monopoly of authorized auditors by WebTrust. This is where the
> Mozilla CA policy provides alternatives, which is from our point of view
> very important.

The EV draft states auditing by WebTrust *or equivalent*.

>> So when you visit an SSL site to buy something, you read all the
>> certificate contents before proceeding with the purchase? Every time?
> Well, personally I'm not a good example really...I'm not that objective
> as a manager of a CA. However it depends on the nature of the site
> (e-commerce or not) and indeed one should be bothered at least once with
> the details of the subscriber. As I suggested, this should be either easy to
> reach and/or in a pleasant and informative manner.

The identity of the CA would add value only if the user had any way of
actually being informed what it meant and how trustworthy they are in
their business. Even if Verisign started issuing 10% of their certs to
obvious, known criminals, it would be unlikely to reach most people who
use web browsers.

Some requirements for that to happen would be for major news outlets
reporting that, and writing in the non-tech section explaining what
people should be doing to avoid being bitten by that. I just don't see
that happening, because the major news item of the day is Britney's
divorce instead...

-- 
  Heikki Toivonen