beltzner wrote:
Hehe...I wonder how ;-) Perhaps with this: http://www.verisign.com/ssl/ssl-information-center/faq/extended-validation-ssl-certificates.htmlFor the record, VeriSign's 128-bit DV certs cost $1270 today. Is that part of the conspiracy? No, they just manage to convince people to pay more.
Anyway...I couldn't place a bigger smiley at the end of my last mail and one should read it with a grain of salt...So I'm convinced, that the motivation of EV is first and foremost business related and only secondary about making the Internet a better place, if at all...Nothing wrong with that, but...
....that there is currently no real alternative for the Webtrust accredited auditors...I think I'm not allowed to disclose how much such an EV audit would cost us, but it's not a piece of cake...Should Mozilla provide an alternative internally, as the current Mozilla CA policy[1] does or the rules would be changed at the CABrowser forum, then this issue would be solved what us concerns...But they didn't even allowed us and others join the forum... :-D Go figure....If StartCom can follow the EV guidelines for cheaper, they stand tomake a killing. I don't get what upsets you about this, Eddy.
Sure! StartCom will be glad to adhere to the same guidelines and issue the same for less...provided you will provide us with the framework for it, meaning accept an audit performed by an alternative auditor of our choice!The market will adjust. Believe in it. It's just that now the market will be guided by standard guidelines for how to do validation and offer repudiation, revocation and let users find the actual certificate holder.
So let's work on making those guidelines tenable for all players,
Exactly!
and stop talking about how one CA plans on selling it for what you feel is too much money. I don't care about VeriSign's business model, I care about making sure that the EV specification actually accomplishes its goal of providing a validated identity for the certificate holder.
Great! We have the same goals and intentions...
http://www.theregister.co.uk/2006/10/25/verisign_extended_validation/ )...One hopes you're not serious with this.
:-)
Of course I agree with you...BTW, I set up a page at Mozilla Wiki [2] with the intention to provide some overview about what was said and done, in order not to repeat ourselves here...I suggest that others help to extend that page...We will implement EV. We will also implement better UI for EV. We will be better. That's what we're saying. The green bar is not better. The lock is already bad. Let's get to the process of fixing it with thetools we have at hand.
[1] http://www.mozilla.org/projects/security/certs/policy/ [2] http://wiki.mozilla.org/Security:EV -- Regards Signer: Eddy Nigg, StartCom Ltd. Phone: +1.213.341.0390
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
