Nelson B Bolyard wrote:
> I've been trying to get mozilla to go back to a model that offers some protection to the users. There are a few of the core mozilla developers who seem sympathetic. DougT is one.
(I don't know much about code apps.)
> A few more voices supporting that idea would help. As long as you guys keep trashing the value of certs, as you do (you know who you are), I doubt the situation will improve.
Certs are the only way that MF products are going to deliver any security.
> Nevertheless, in hope that someday mozilla will improve its use of PKI, I plan to continue to resist helping those who knowingly thwart it.
I would support that view. In fact I have spent the last week over on another group (also madly debating the shmoo bug) defending the PKI as being the only way that this emerging situation can be resolved.
Their view - which has some merit - is that the PKI is a broken security design. Their proposal is to rip it out and start again (with their design). That has no merit whatsoever, IMNSHO. None, zip, nada, zilch.
Not using the certs in browsers and servers is a non-starter.
Improving the way the PKI is used, now, *there's* some room for potential.
iang
-- News and views on what matters in finance+crypto: http://financialcryptography.com/