Ian G wrote:
What's taken me a long time to discover is that there are more people who actually do agree with the flaws than I can see. So, in a sense, let's forget the job of needing to hammer on the flaws, and start thinking of the fixes ... in such a way that they improve the product.
But tracking finger prints is a solution to one problem, it's a jigsaw puzzle, fixing one piece doesn't help you have to attack things as a total of all the pieces...
Well, we have to start protecting the CA's space and patch. To do that, we have to create the branded space that the CA can protect; in order to give the CA what he needs to protect himself, we must let him define himself to the users. Ergo, as Bob pointed out, the original security model.
But this particular problem is a registrar/registry/browser issue, not a CA issue, if you fix the problem, and not come up with band-aides that inflict problems onto unrelated parties everyone will be better off.
You call for branding of CAs, but not branding of registrars/registries, why not slug them up on the chrome as well and maybe they'd start caring about dodgy domains too.
--
Best regards, Duane
http://www.cacert.org - Free Security Certificates http://www.nodedb.com - Think globally, network locally http://www.sydneywireless.com - Telecommunications Freedom http://happysnapper.com.au - Sell your photos over the net! http://e164.org - Using Enum.164 to interconnect asterisk servers
"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
