Colin Guthrie wrote:
> Yeah the cheap CA's are IMO actually a problem.
> I (personally) think we should have a new system for this scenario:
> http:// = totally insecure
> https:// = secure and to a reasonable degree of trust (e.g. no $12.00
> httpus:// = secure but no aspect of trust.
Colin, I think you're mixing apples and oranges here - http(s) was never
meant to provide any indication of "trust". Besides, how do you suggest
we distinguish between CAs "with no trust" and CAs "with trust"?
Per Jessen, Zürich (1.1°C)
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php