Re: [cryptography] How much does it cost to start a root CA ?

2013-01-06 Thread ianG
On 6/01/13 09:48 AM, Ryan Sleevi wrote: Perhaps it's this kind of thinking that leads to failed audits :) It will, it does, and the information is readily available from the previous post. https://www.cabforum.org/Baseline_Requirements_V1_1.pdf Sections 14 through 16 Additionally,

Re: [cryptography] How much does it cost to start a root CA ?

2013-01-06 Thread Natanael
Bitcoin based DNS? That would be Namecoin. I am unsure if it also manages SSL or similar link encryption or if that is a separate thing for the scheme. On 6 Jan 2013 08:27, James A. Donald jam...@echeque.com wrote: On 2013-01-05 12:07 PM, Morlock Elloi wrote: Correct. The cost of being CA is

Re: [cryptography] How much does it cost to start a root CA ?

2013-01-05 Thread Ralph Holz
Hi, Is inclusion of a root CA in the major browsers a shall issue process ? That is, you meet the criteria and you get in ? Or is it a subjective, political process ? The process varies between browser vendors, with baseline requirements established in the CAB Forum. Audits are usually

Re: [cryptography] How much does it cost to start a root CA ?

2013-01-05 Thread Jeffrey Walton
On Sat, Jan 5, 2013 at 8:05 AM, Ralph Holz h...@net.in.tum.de wrote: Hi, ... What I have also seen was post-hoc debate about the inclusion of the Chinese CA CNNIC (CN-NIC), which IMO highlighted a shortcoming of the process: If participants do not have much time, the one-week discussion

Re: [cryptography] How much does it cost to start a root CA ?

2013-01-05 Thread ianG
On 5/01/13 01:05 AM, Ryan Sleevi wrote: On Fri, January 4, 2013 12:59 pm, Greg Rose wrote: You could ask the folks at CAcert... I imagine Ian Grigg will also chime in. Certification costs a lot, and as you have observed, the incumbents try very hard to keep you out. Despite some

Re: [cryptography] How much does it cost to start a root CA ?

2013-01-05 Thread ianG
On 5/01/13 00:01 AM, yersinia wrote: On Fri, Jan 4, 2013 at 8:41 PM, John Case c...@sdf.org wrote: Many today say that there are too many root CA, not a few. Is not it? https://www.eff.org/observatory. have i missing something ? Yes - the number of CAs is not so relevant to the question.

Re: [cryptography] How much does it cost to start a root CA ?

2013-01-05 Thread Ryan Hurst
Before joining Globalsign a year ago I was an observer to what was going on in the CA industry. Personally I saw (and still do see) value in the services that a CA offers and believe that for the large majority of users on the Internet there is value in knowing who is behind domain name. I

Re: [cryptography] How much does it cost to start a root CA ?

2013-01-05 Thread Jon Callas
I'm really glad you asked this question. It gives me to tell a story I've wanted to tell for some time. I know the answer to your question because I've done it. Some years ago, PGP Corporation toyed off and on with the idea of becoming a CA. We

Re: [cryptography] How much does it cost to start a root CA ?

2013-01-05 Thread Ryan Hurst
A great write up Jon! As you know in a past life I was responsible for the Microsoft Root program and introduced much of the process that is used today - It really makes me happy to someone speak positively possibly about what they do and I couldn't agree more. The only thing I would change in

Re: [cryptography] How much does it cost to start a root CA ?

2013-01-05 Thread John Case
Jon, Many thanks for this very informative post - really appreciated. Some comments, below... On Sat, 5 Jan 2013, Jon Callas wrote: Now that $250K that I spent got an offline root CA and an intermediate online CA. The intermediate was not capable of supporting workloads that would make

Re: [cryptography] How much does it cost to start a root CA ?

2013-01-05 Thread Ryan Sleevi
On Sat, January 5, 2013 10:10 pm, John Case wrote: Jon, Many thanks for this very informative post - really appreciated. Some comments, below... On Sat, 5 Jan 2013, Jon Callas wrote: Now that $250K that I spent got an offline root CA and an intermediate online CA. The

Re: [cryptography] How much does it cost to start a root CA ?

2013-01-05 Thread Jeffrey Walton
Any defensiveness is no doubt due to the fact that trust in the system is shared between all participants - lose faith in one CA, and you lose faith in all CAs. In that sense, existing CAs - particularly entranced ones - have incentives to improve the state of the trust and security in the

Re: [cryptography] How much does it cost to start a root CA ?

2013-01-05 Thread James A. Donald
On 2013-01-05 9:31 AM, Ryan Sleevi wrote: On Fri, January 4, 2013 3:06 pm, James A. Donald wrote: On 2013-01-05 8:05 AM, Ryan Sleevi wrote Can you explain how, exactly, incumbents leverage any power to keep new entrants out? Such behavior is necessarily a deviation from official truth,

Re: [cryptography] How much does it cost to start a root CA ?

2013-01-05 Thread James A. Donald
On 2013-01-05 12:07 PM, Morlock Elloi wrote: Correct. The cost of being CA is equal to the cost of getting CA signing pub key into the target audience browsers. You can (sorted by increasing security, starting with zero): 1 - go through browser vendors, 2 - have your users to install

[cryptography] How much does it cost to start a root CA ?

2013-01-04 Thread John Case
Let's assume hardware is zero ... it's a really variable cost, so I assume (correct me if I'm wrong) that it is a trivial cost compared to legal and audit costs, etc. So what does it cost to start a root CA, get properly audited (as I see the root CAs are) and get yourself included into,

Re: [cryptography] How much does it cost to start a root CA ?

2013-01-04 Thread John Case
On Fri, 4 Jan 2013, yersinia wrote: Finally, it seems to me that since there are so few root CAs (~30 ?) and the service provided is such an arbitrary, misunderstood one, that existing CAs would be actively trying to prevent new entrants ... and establish themselves as toll collectors with a

Re: [cryptography] How much does it cost to start a root CA ?

2013-01-04 Thread John Case
On Fri, 4 Jan 2013, Greg Rose wrote: You could ask the folks at CAcert... I imagine Ian Grigg will also chime in. Certification costs a lot, and as you have observed, the incumbents try very hard to keep you out. Despite some reasonable sources of funding, CAcert still didn't succeed.

Re: [cryptography] How much does it cost to start a root CA ?

2013-01-04 Thread Ryan Sleevi
On Fri, January 4, 2013 12:59 pm, Greg Rose wrote: You could ask the folks at CAcert... I imagine Ian Grigg will also chime in. Certification costs a lot, and as you have observed, the incumbents try very hard to keep you out. Despite some reasonable sources of funding, CAcert still didn't

Re: [cryptography] How much does it cost to start a root CA ?

2013-01-04 Thread Ryan Sleevi
On Fri, January 4, 2013 3:06 pm, James A. Donald wrote: On 2013-01-05 8:05 AM, Ryan Sleevi wrote Can you explain how, exactly, incumbents leverage any power to keep new entrants out? Such behavior is necessarily a deviation from official truth, from the way certification is supposed to

Re: [cryptography] How much does it cost to start a root CA ?

2013-01-04 Thread Peter Gutmann
John Case c...@sdf.org writes: So what does it cost to start a root CA, get properly audited (as I see the root CAs are) and get yourself included into, say, firefox or chrome ? The rule of thumb I've seen from various inside sources is about $1M [0]. Obviously this can vary quite a lot based on