Ian G wrote: > The chances of them approving or agreeing to EKE are next to nil. > > The problem with Mozilla security > coding is more this: most (all?) of the programmers who work in that > area are all employees of the big software providers. And they all > have a vested interest in working for the status quo, all are opposed > to any change.
On 2011-07-14 10:41 AM, Brian Smith wrote:
* https://wiki.mozilla.org/Identity/Features/Verified_Email_Service https://wiki.mozilla.org/Identity/Verified_Email_Protocol * https://wiki.mozilla.org/Security/DNSSEC-TLS https://bugzilla.mozilla.org/show_bug.cgi?id=589537 * http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg10018.html https://bugzilla.mozilla.org/show_bug.cgi?id=532127 https://bugzilla.mozilla.org/show_bug.cgi?id=405155 https://bugzilla.mozilla.org/show_bug.cgi?id=356855
Perhaps you think these links suggest that mozilla is not in the pocket of the CAs, in that some people at mozilla are attempting to make DNSEC actually useful.
But they are going to make it useful by making the DNS into a super CA. You are still going to have to buy your certificate from an existing CA, and the DNS system will bless it.
This like designing a bicycle with three and half wheels. Any restructuring that makes DNSSEC useful would make the CAs useless. The goal of their design is not to make DNSSEC useful, but to make it useful in a fashion that does not harm the CA business model.
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography