On Monday 09 May 2005 21:32, someone wrote: > > Trying to restrict cert sales to high priced CAs only > > serves to slowly stifle the market for security. Have > > a look at the securityspace.com stats and try and > > work out how to share about 100k worth of certs > > per year across dozens or hundreds of CAs, and > > pay for all the audits and systems, and make a > > profit! > > According to VeriSign's latest SEC filling they have over 400, 000 > active server ID customers. Is this news to you?
I've heard that before. Yet SecuritySpace says different, and I understand that the secret / paid reports from Netcraft say something similar to SecuritySpace (anyone have any lying around?). So what's the difference? I think the VeriSign number relates to many private and internal sites, as well as VPN servers and other uses, where servers are not on the net. In that case, this is actually ruled outside Mozilla's target market, which is the ordinary user, not corporates, and for SSL policy we are only interested in servers that serve HTTPS to the likes of Firefox. So I'm inclined to stick to SecuritySpace's numbers, especially as they are less biased than Verisign is likely to be in reporting their own numbers in an SEC filing. Also, the fact that Verisign has a big "private" base shouldn't be taken to mean that the other CAs have that base as well. One of the best URLs to watch: http://www.securityspace.com/s_survey/sdata/200504/certca.html Brings facts to the table .... and it's free! iang -- http://iang.org/ _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
