Forwarded on request.
-------- Original Message --------
Eddy Nigg (StartCom Ltd.) wrote:
beltzner wrote:
If StartCom can follow the EV guidelines for cheaper, they stand to
make a killing. I don't get what upsets you about this, Eddy.
Well, if a mid-tier or lower-tier CA can't follow the EV
guidelines because they are too expensive, then it creates a
franchise that is partially purposed to locking out smaller
competitors. C.f., Porter's 5 Forces, especially _barriers
to entry_. I said more on this on the blog:
https://financialcryptography.com/mt/archives/000835.html
This is an extremely uncontroversial criticism in business
terms, but we need to examine the positive side too. To the
extent that *EV delivers some value*, we may accept as a
community that this is a *fair tradeoff*.
Accepting a barrier to entry is perfectly reasonable, and is
used as the basis for many industries. E.g., electrical
safety guidelines. Electrical standards deliver a standard
and safe product, at the cost of dramatically raising the
cost of electrical wiring work.
The question then is what value EV delivers to offset this
loss of competition. Some claim that it delivers no value
at all; in that it is just a touch-up paint job over the
existing walls. Adding more expensive paint is not a useful
answer when (as some claim) the building is already condemned.
(for the non-english native: "Condemned" means the city
council has come and put a notice on a building that it is
to be knocked down and cannot be used for any purpose.)
So the onus is on the EV community to say where the value
is. They talk about that in the beginning of their documents.
It's a judgement call as to whether the value so specified
is commensurate to allowing more barriers to entry in the
marketplace.
iang
_______________________________________________
Anti-fraud mailing list [email protected]
http://lists.cacert.org/cgi-bin/mailman/listinfo/anti-fraud
http://wiki.cacert.org/wiki/AntiFraudCoffeeRoom
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
