On 29/12/08 00:37, Kyle Hamilton wrote:
On Sun, Dec 28, 2008 at 9:28 AM, Ian G<i...@iang.org> wrote:
On 28/12/08 17:06, David E. Ross wrote:
How about the users of Mozilla products who might lose money or even go
bankrupt because they trusted a root certificate from such a CA? No,
such losses are not known (yet). What did happen, however, indicates
that such losses are indeed possible and not only through Certstar.
Yes, indeed. That's a big question.
What I am suggesting is that "dropping the root" will not address that
question. It is too blunt a weapon to be used reliably.
Considering that "trustability" is viewed as a binary state, it's the
only weapon that Mozilla has.
Yes. This is reason for concern.
iang
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
