On 2/13/07, Eddy Nigg (StartCom Ltd.) <[EMAIL PROTECTED]> wrote:
The conspiracy is a different one...Now that prices are down to the bottom, the "commercial" CAs had to reinvent themselves in order to revive the once lucrative business. But how to do that? Define a new standard and get the browsers to do some extra work...True, there is some marketing effort to do...but now there is a good reason to charge again 1,000 US$ for it...Excellent!
For the record, VeriSign's 128-bit DV certs cost $1270 today. Is that part of the conspiracy? No, they just manage to convince people to pay more. If StartCom can follow the EV guidelines for cheaper, they stand to make a killing. I don't get what upsets you about this, Eddy. The market will adjust. Believe in it. It's just that now the market will be guided by standard guidelines for how to do validation and offer repudiation, revocation and let users find the actual certificate holder. So let's work on making those guidelines tenable for all players, and stop talking about how one CA plans on selling it for what you feel is too much money. I don't care about VeriSign's business model, I care about making sure that the EV specification actually accomplishes its goal of providing a validated identity for the certificate holder.
One problem...when this fantastic idea came up first, the "market share" of the new Mozilla browser was barely a few percents anywhere and would it have stayed like that, EV would be a fact today...but ooopps...something changed....Firefox has taken the lead at some places already (Notably in Germany, but also here http://www.boingboing.net/stats/#browsers ). Now they are obviously counting on it, that Mozilla plays nicely and is not going to upset the party...Well, some FUD about Firefox not being secure and loosing the "browser market" might help... ( http://www.theregister.co.uk/2006/10/25/verisign_extended_validation/ )...
One hopes you're not serious with this. I quote from the article itself: "A Firefox implementation of extended validation can only be a matter of time, since the Mozilla Foundation knows in order to compete it cannot afford for its browser to be just as good as IE7; it has to be better." We will implement EV. We will also implement better UI for EV. We will be better. That's what we're saying. The green bar is not better. The lock is already bad. Let's get to the process of fixing it with the tools we have at hand. cheers, mike -- / mike beltzner / phenomenologist / mozilla corporation / _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
