Colin Guthrie wrote:

> Yeah the cheap CA's are IMO actually a problem.
> I (personally) think we should have a new system for this scenario:
> http:// = totally insecure
> https:// = secure and to a reasonable degree of trust (e.g. no $12.00
> certs!)
> httpus:// = secure but no aspect of trust.

Colin, I think you're mixing apples and oranges here - http(s) was never
meant to provide any indication of "trust". Besides, how do you suggest
we distinguish between CAs "with no trust" and CAs "with trust"?


Per Jessen, Zürich (1.1°C)

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to