Le samedi 26 avril 2014 15:29:26 UTC+2, Zack Weinberg a écrit : > On 2014-04-26 4:51 AM, Erwann Abalea wrote: > > Le vendredi 25 avril 2014 18:14:39 UTC+2, Zack Weinberg a écrit : > > > >> Moreover, it is my personal opinion that as a matter of basic business > >> ethics, this is a cost you (or rather, your insurance) should absorb, > >> not your customers. > > > > Please define "customer". > > The people who receive(d) certificates from this CA. Why, do you think > some other category of people is more appropriately considered a CA's > customers?
A customer is someone who *buys* goods/services from a business. Buying involves money (or anything playing the same role). I have certificates from Startcom, I didn't pay a single penny for that, therefore I'm not a customer. All this is a money problem, and nothing is free. Running a CA is expensive, costs associated to revocation (procedures, CRL downloads, OCSP requests) are hidden but far from being negligible. They are usually covered by the price of the certificate. In Startcom's case, this isn't true. Maybe the business model needs to be changed? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy