Ian G wrote:
(I'm guessing you switched across to the Netcraft datanase here?)
Nope, but was reading you post about it...
Right. But what if it worked? Linking back to a DB is more or less what OCSP tries to do, go back to a DB and see if a cert is still good.
I'm not saying it's a completely bad thing, in the case of CRL/OCSP this is needed for other reasons, and the ones that issued it should have the ability to control what happens later in response to breaches of agreements (malware etc)
All the Netcraft thing is doing is using their own database, and skipping the cert side altogether. It's the antithesis of suggestions made here (be Gervase) that all anti-phishing efforts should be concentrated in SSL.
And we both know how well things are working on that front... As I said a centralised system isn't always a bad thing, but it depends on the implementation and how much tracking actually occurs, I don't like the ability to turn around and use my own statistics against me...
You went to xyz website so you must support/hate <insert favourite group>, there is a limit to what should and shouldn't occur in these situations and how much of the code is released to know how much?
--
Best regards, Duane
http://www.cacert.org - Free Security Certificates http://www.nodedb.com - Think globally, network locally http://www.sydneywireless.com - Telecommunications Freedom http://happysnapper.com.au - Sell your photos over the net! http://e164.org - Using Enum.164 to interconnect asterisk servers
"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
