Frank Hecker: > Microsoft has taken an interesting approach to this problem, one that I > think is worth discussing: > > "[F]or government CAs who issue certificates to secure government to > government or citizen to government transactions, Microsoft will accept > a statement from a government or private party auditor attesting to the > CA’s audit status, giving the name of and reference to their audit > guidelines, the date of the last audit, and equivalence of their audit > criteria to the Operating Standards (e.g. WebTrust For CAs, ETSI TS 102 > 042, ETSI 101 456, ISO 21188)." > How stupid! If that's limited to "secure government to government or citizen to government transactions", how is that limited in the software or certificate(s)? And what would its use be for the regular, typical average user? I'm not a government nor employed by a government so it doesn't apply to me. Nor am I a citizen of Zimbabwe, so it doesn't apply to me either... I guess I represent in that respect the majority of a typical user.
Nope, I guess we'll have to find something better then that (if at all). -- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
