J. Greenlees wrote:
> the issuing of certs needs to be re-examined, and some sort of viable
> system worked out to protect end users from fraudulent use.
> far beyond the scope of any one development team, though maybe getting
> security teams from most development groups to work together on a sane
> security standard, with better control over certificates issued.
> ( control as in verified identity and, as much as possible, good
> business practices )

Verifying what though? (this isn't as simple as you think)

Have a look at the netscape.public.mozilla.crypto group and you'll see a large discussion on Frank Hecker's take on this and I'm inclined to agree with him on most of the points he makes (Frank is currently the guy writing policies on what determines if the CA should be included in Mozilla)

--
Best regards,
Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers

"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."
_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security
