Ian G <[EMAIL PROTECTED]> writes: >Frank Hecker wrote:
>> It's interesting to see discussion heating up around the topic of CAs >> and their roles, and of course this is all useful background for future >> decisions we might make regarding browser UI. >Yes Sir! The more browser manufacturers do to change >the model, the more cages get rattled. And the more >cages get rattled, the more people will wake up and >see the monster. It's all to the good, we need things >like Opera's attempt to get minds focused. I did read >somewhere that Microsoft were going to release a beta >in May or somesuch, which will set the gorilla's cage >shaking. This issue has been known to the X.509 standards groups for a *long* time (I remember several debates over this on the PKIX list in the mid to late '90s). Unfortunately the people who run the show are still desperately hanging on waiting for X.500 to suddenly start working, so they've done little more than pay lip service to Internet- rather than OSI-targeted identification (see "How to build a PKI that works", http://www.cs.auckland.ac.nz/~pgut001/pubs/howto.pdf, in particular PKI Grand Challenge #4, for a longer discussion of DN issues). It's good to see that the real world is finally making some headway with this. Unfortunately a lot of PKI designs and standards are still built on the basis of a deployed, fully functional X.500 hierarchy, so I don't know whether something that says in effect "X.500 doesn't work, the only thing that matters is a verified FQDN or email address" will ever make it as a formal standard. Peter. _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security
