Jon Callas <j...@callas.org> writes: >If it were hard to get signing certs, then we as a community of developers >would demonize the practice as having to get a license to code.
WHQL is a good analogy for the situations with certificates, it has to be made inclusive enough that people aren't unfairly excluded, but exclusive enough that it provides a guarantee of quality. Pick any one of those two. (I have a much longer analysis of this, a bit too much to post here, but there's a long history of vendors gaming WHQL and the certifiers looking the other way, just as there is with browser vendors looking the other way when a CA screws up, although in the case of hardware vendors the action is deliberate rather than accidental). Peter. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography