Ian G wrote:
Well, if a mid-tier or lower-tier CA can't follow the EV
guidelines because they are too expensive, then it creates a
franchise that is partially purposed to locking out smaller
competitors.... I said more on this on the blog:

https://financialcryptography.com/mt/archives/000835.html

A good read and I'd like to highlight and comment a few remarks from that blog:

/Microsoft voted "yes" but this is a game they can play, they are better than anyone else at it, and they also have a motive: the Cardspace (was infocard) project needs friends and EV is a friend looking for friends, also./

OpenID is doomed to fail as well, if they continue the current path...and the irony of it is, that it will suffer from the same threats (phishing, spamming, identity theft) but for the opposite reasons (i.e. no governing control, no requirements, lax standard). But this is now off-topic...

/Likely the EV project will fail, due to the simple mathematics of it. Too few target sites (<<1000) and too much cost in audits, re-checks.../

Not, if it can be acquired by the general public, which implies, that the costs for the CAs must be much lower, or as you phrased it, the "barrier to entry" must be reasonable. Obviously the infrastructure for "extended validation" already exists with most CAs...it's the subscribers voting with their purse why common web sites don't use them...

/Instead, we get the same old PKI hobby horses: must run a good OCSP.../

For example like this? http://www.startcom.org/img/verisign-ocsp.png compared to http://www.startcom.org/img/startssl-ocsp.png :-D (Screen shots from the 9th of February 2007). BTW, Opera doesn't know what to do with CRLs....we are certainly living in interesting times...

/**Browsers** also should say "no." Or, should say, "sure, as long as it is an open market in governance." There is this underlying premise that the cartel known as the CA/Browser forum is the only one. No such. There is no reason why I can't form a cartel made of, say, European national CAs or open source software CAs or Internet Bank CAs or ... and simply request the colors purple, peach and turquoise./

Absolutely! Any new standard which comes along by any interest group should be accepted by the browser vendors...sounds reasonable, doesn't it!?

--
Regards

Signer:      Eddy Nigg, StartCom Ltd.
Phone:       +1.213.341.0390

_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security