Nelson B Bolyard wrote:
I've been trying to get mozilla to go back to a model that offers
some protection to the users. There are a few of the core mozilla
developers who seem sympathetic. DougT is one.
(I don't know much about code apps.)
A few more voices supporting that idea would help. As long as you
guys keep trashing the value of certs, as you do (you know who you
are), I doubt the situation will improve.
Certs are the only way that MF products
are going to deliver any security.
Nevertheless, in hope that someday mozilla will improve its use of PKI,
I plan to continue to resist helping those who knowingly thwart it.
I would support that view. In fact I have
spent the last week over on another
group (also madly debating the shmoo
bug) defending the PKI as being the only
way that this emerging situation can be
resolved.
Their view - which has some merit - is
that the PKI is a broken security design.
Their proposal is to rip it out and start
again (with their design). That has no
merit whatsoever, IMNSHO. None, zip,
nada, zilch.
Not using the certs in browsers and
servers is a non-starter.
Improving the way the PKI is used, now,
*there's* some room for potential.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
mozilla-crypto mailing list
mozilla-crypto@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-crypto
