Ian G wrote: > Ram A M wrote: > > Ultimately my point was that a CA cannot reasonably leverage mass > > market registrars for authentication to provide high assurance services > > since registrars cannot be expected to operate only high assurance > > registration services - the price points don't allow it. > > > I would agree with that basic point; although there > have been many proposals to ask the registrars to > control things like IDNs.
Yep and to the extent that it can be automated I expect to see approaches that widdle away at the problem. To the extent that it's manual you will see prices go up - given the nature of that market I doubt this is coming without forcing a change in market behavior through authority of some sort. Personally I don't need authentication for most of the websites I visit so I don't really want to bear the cost of authentication for every domain name I buy (rent? lease? license?). > > I agree in part. I think CAs would love to see broader adoption of > > certificates at a variety of assurance levels and that because the > > software providers do not have a direct incentive to support this that > > the system is taking the path it is - introduce lower cost lower > > assurance certificates since they appear to provide the same value > > (padlock) which I think will enable the backlash I suggested earlier. > > > Right. Again, check that rant. I think certain architects > who were involved in the early construction of the PKI got > it backwards and now we are all paying the price. Eh. I think a reasonable job was done It was understood that bringing trust to a defacto anonymous communication channel was most practically achieved by leveraging the existing trust infrastructure - the legal system. It would be tough to imagine that the goal was a perfect security system that would never need change. _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
