Let's assume hardware is zero ... it's a really variable cost, so I assume
(correct me if I'm wrong) that it is a trivial cost compared to legal and
audit costs, etc.
So what does it cost to start a root CA, get properly audited (as I see
the root CAs are) and get yourself included into, say, firefox or chrome ?
A followup question would be:
Is inclusion of a root CA in the major browsers a "shall issue" process ?
hat is, you meet the criteria and you get in ? Or is it a subjective,
political process ?
Finally, it seems to me that since there re so few root CAs (~30 ?) and
the service provided is such an arbitrary, misunderstood one, that
existing CAs would be actively trying to prevent new entrants ... and
establish themsevles as toll collectors with a pseudo monopoly ... what
evidence (if any) do we have that they are pursuing such an ecosystem ?
Thank you.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
