Matt Palmer via dev-security-policy <dev-security-policy@lists.mozilla.org> writes:
>If you're unhappy with the way which your interests are being represented by >your CA, I would encourage you to speak with them. It's not the CAs, it's the browsers, and many other types of clients. Every Internet-enabled (meaning web-enabled) device is treated by browsers as if it were a public web server, no matter how illogical and nonsensical that actually is. You don't have a choice to opt out of the Web PKI because all of the (mainstream) clients you can use force you into it. Ever tried connecting to a local (RFC1918 LAN) IoT device that has a self-signed cert? It's not really the CAs that are the problem, everything you're likely to use assumes there's only the Web PKI and nothing else. When the clients all enforce use of the Web PKI, there's no way out even if the CAs want to help you. Peter. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy