Frank Hecker:
> Gervase Markham wrote:
>
>> The EV distinction is clear. And EV exists precisely because the line
>> between DV and IV/OV is fuzzy, and it would have been very difficult to
>> correctly discern the difference programmatically.
>>
>
> This is a key point worth emphasizing. We use the terms "IV" and "OV",
> but they don't really mean anything in objective terms; they just mean
> that a CA claims to verify identity in some manner, with the exact means
> varying from CA to CA.

Correct.

> In order to implement a strong UI distinction
> between traditional IV/OV certs and DV certs we would have to determine
> exactly what each CA is doing, have some sort of objective standard
> against which we could compare each CA's practices, and enforce such a
> standard.

Define, agree, enforce....and conquer. I could make this work without too much investment, but with a little help of Mozilla, a will to do it, which includes especially yourself. I could give you a clear plan and approach which would within one year have most CAs willingly subordinated into this scheme and the UI could differentiate.

> This would have been a very onerous task

No

> As I wrote before, EV certs are really what CAs were/are supposed to be
> doing according to traditional ideas of (X.509) PKI, and I would be
> happy to see the CA market divide into EV certs and non-EV certs, with
> the former used for all high-value transactions and the latter relegated
> to low-value transactions, personal and small group sites, etc.
>

Reality will show you that this assessment is most likely wrong! The danger will be that there will be inroads and a lowering of the EV requirements....just wait and see. This had already started between the latest drafts and the final version. In the previous mail I explained why other higher validations make sense. Again, Mozilla can decide if it wants to be an active player and if it has something more to offer also in respect to PKI. It can remain passive and continue to follow...

--
Regards

Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390

_______________________________________________
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto

