Hmmmm re-reading these emails I think I'd just like to point our for the record I've stated for a very long time that I'd like to see the people not-assured be severely limited in terms of certificates being issued, however this is a chicken an egg problem for us, how does a community effort with limited resources (time and money, although in this case money buys you time) verify the identity of the world.
You don't, necessarily. But if you don't, you can't expect others to trust your limited verifications.
Being blunt, the totality of your email makes it clear that you started from the viewpoint of "it's unfair that only companies have the ability to prove their identity and get SSL certs" and decided to reduce verification enough to let everyone else in, rather than starting from the viewpoint of "we need to be equally secure and verifiable; how do we do that in a not-for-profit context?".
Gerv _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
