Ben, (and others who think SSH is the answer):

If you're serious about mozilla moving away from a CA model to an SSH model
then do this:

Go into mozilla, and disable ALL trust for all the CAs.  All of them.
Root CAs and intermediate CAs.  Every one. And leave them disabled.  NO CAs.
You can trust self-signed SSL and email certs from your friends, or that
you yourself issued, but NOTHING else.  And live with it like that for 90
days, without trusting any CAs at any time during those 90 days.

No Cheating.  No turning on one CA so you can go to your bank, and then
turning it off again.  If you cheat, your proposal loses.

Also, no trusting SSL certs for your bank or your favorite merchant,
unless you get the fingerprint for that cert from the bank or merchant
themselves, over some channel more secure than email (for this purpose,
we'll say a phone line is OK, but only if you're not a dissident in China).
Because that's what the SSH model is all about.

Live with what you propose.  No cheating.  Then after 90 days, come back
and tell me you never needed any CAs to do anything.  Tell us how many
calls you had to make to get fingerprints.  Tell us how many times you
wanted to visit a web site but found that the cert was untrusted.
Tell us how much better that was than with CAs.

When you and numerous others can honestly tell us that's better, THEN
maybe mozilla should start to consider that approach.

In the meantime, the issue before mozilla foundation is to choose new
CAs for admission to the list of trusted CAs.

--
Nelson B

_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
