On Mon, Jun 05, 2017 at 08:25:22PM -0500, Peter Kurrasch via dev-security-policy wrote:
> Consider, too, that removing trust from a CA has an economic sanction
> built-in: loss of business. For many CAs I imagine that serves as
> motivation enough for good behavior but others...possibly not.

I think it's a strong motivator, it's just that CAs trust that the collateral damage of broad distrust will prevent trust stores from deploying the sanction. Essentially, CAs use relying parties as a human shield against having meaningful sanctions deployed against them. Hence "Too Big to Fail".

> (For example, who gets to keep the money collected?)

Me, of course. <grin>

- Matt