On 02/24/2009 02:01 AM, Kyle Hamilton:
It's important to realize something rather important... security must be designed into the system from the ground up, and all pieces of a secure system must operate together properly. It's not *just* the CA, it's everything.
Ideally yes, your are right...
Since we don't have a secure system, we need to find a way to make things as secure as possible given the lack of cooperation from the registrars/ICANN/browser vendors/CAs/users.
...but I think that the CAs would be the better equipped and capable parties of those (beyond unilateral actions on part of the browser vendors, like removing support for wild cards, IDN and numbers in domain names generally and/or in certificates particularly). What's lacking is perhaps a policy making those requirements. It's of course just my opinion on this matter...
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: start...@startcom.org Blog: https://blog.startcom.org -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto