Kyle, You can claim and be honoured to get me out of my relative quietness. As the vast majority, I am relatively happy to read message in a forum while searching a solution to a problem. Your message raises multiple points that have to be address.
I consider myself as a certificate newbie and a programmer-to-be but I totally support your points. Certificates are one of the few things the Open Source community (at large) have not address its model yet. A few large entities are making large sums of money out of it, certifying that you are you while they don't know who you are. If citizenship was granted like this, we would be citizen of all and every countries on this planet. One of the few things that always bothered me was that "single" chain for any certificates. You can always cross-sign any certificates but it will not break its "chain" relationship. What really does prevent us to have multiple parties to sign a single certificate? Because we'll have to reinvent the wheel ? Humanity did it numerous times so it won't be the first one if we had to do it... Let's Encrypt is a good start but it is not going as far as I would like. A larger debate needs to happen on that matter, the sooner the better. Not only in Mozilla, we need much more folks like you in our communities. Keep on your good work. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy