On Jun 7, 2017 8:45 AM, "Phillip Hallam-Baker" <[email protected]> wrote:
> On Wed, Jun 7, 2017 at 9:08 AM, Ryan Sleevi <[email protected]> wrote:
> >
> > On Wed, Jun 7, 2017 at 8:51 AM, Magnus Ahltorp <[email protected]> wrote:
> >>
> >> Well, that depends on the assurance level, doesn't it? For domain-validated
> >> certificates, sure, but those are next to worthless anyway. It would be hard
> >> to hold a CA responsible for issuing them, so the need for logging them is
> >> really small.
> >
> > Let's not introduce CAs' marketing distinction into the technical discussion.
>
> Marketing is sometimes based on facts. In this case inconvenient facts
> for people proposing to trash the WebPKI trust model.
>
> If you want to spread disinformation, then I am going to respond to correct.
>
> https://www.scmagazineuk.com/updated-97-of-malicious-mobile-malware-targets-android/article/535410/
>
> The press have stopped writing articles about 97% of malware targeting
> Android because it is no longer news.
>
> Apple do have some advantages in their structure besides enforcing
> what amounts to EV validation of developers. But it is the validation
> of every developer before they get developer credentials that makes
> the rest of their model feasible.
>
> >
> > Domain validated certificates - the basis for the Web PKI - are the only
> > security level that matter. The holder of such a certificate can impersonate
> > any site named in the certificate - whether from example.com to google.com.
>
> Domain Validation is not the 'basis' for the WebPKI. It did not even
> exist until late in the dotCom boom.
>
> The WebPKI was originally designed to establish accountability. It is
> the bridge between the online and offline accountability
> infrastructure.

So I get to sue Verisign if they issue a cert incorrectly? Oh wait, that isn't actually the case: CAs disclaim all responsibility for what you say they are supposed to do.

Was it ever the case that this was possible?

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
