Nelson B wrote: > Ram0502 wrote: > > Ian G wrote: > > > >>This is something that Julien brought up and Amir > >>addressed by setting the border at the CA. As the > >>user identifies a particular CA as good, the security > >>app module accepts any cert from that CA. > > > > Nice practical solution. > > Except that it creates a monopoly situation for the cert buyer. > > Having bought his first cert from CA X, if he ever buys a cert > from CA Y instead, all his users will be alarmed. This gives > CA X opporunity to charge ever higher prices for cert renewals.
A fair point. It seems that solution addresses the realities of deployments but does so at the cost of increased friction in changing certificate providers. _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
