You just made Ian's statement valid, just the amounts involved are substantially increased, and I do use certificates for pop3/smtp as well..
Ian makes lots of statements - please specify which one
ok stock values in the $100,000's obviously $900 then becomes a viable amount, on the other hand so does $40...
SSL is used pretty much in the same way to protect all the transactions regardless of their value. If you lower the value of all SSL certs by widely broadening the default trust model (possibly to the point of trusting every self signed root, as advocated by some), then many of the transactions become unviable under that trust model.
You would pretty much have to come up with an entirely new trust model that makes some kind of distinction based on what type transaction you do. To achieve this, we aren't talking about minor UI tweaks to Mozilla. Please write the RFCs and get them approved by IETF, and then you can ask us to implement them in Mozilla security, but not before.
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
