beltzner wrote: > Well, that and brand loyalty. I think we need to make the CAs more > publically accountable for their assertions and actions. Those CAs > that aren't holding up to their end of the EV bargain should be either > stripped of their ability to issue EV certs, or suffer brand > affiliation consequences.
I don't think brand suffering is a big enough of a threat to some companies to keep them honest, take all the problems Sony has been involved with last year and they didn't suffer noticibly. I don't know what the liability should be, but a flat rate fee isn't the answer either, some kind of liability based on income would be the best way to handle things since a rich company won't be "hurt" as much as a small company kind of thing. > Sure. Which is why we're at $10 certs. The market decided that the CAs > weren't offering a service, and so they devalued the cost of that > service. I don't think such devaluation was a CA-inspired conspiracy! > :) I didn't mean it was any kind of conspiracy, just the market self balancing to an extent. > I'm not familiar with CACert or the "runaround" that you're In this case I didn't mean to imply anything about CAcert. -- Best regards, Duane http://www.cacert.org - Free Security Certificates http://www.nodedb.com - Think globally, network locally http://www.sydneywireless.com - Telecommunications Freedom http://e164.org - Because e164.arpa is a tax on VoIP "In the long run the pessimist may be proved right, but the optimist has a better time on the trip." _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
