Gervase Markham wrote:

Certificates may, at one time, have had good vetting behind them. However, because there were no standards, that led to a race to the bottom, where some CAs tried to cut corners and costs, knowing that their certs would still turn on the padlock.

I don't see a financial incentive to prevent that from happening again. Is there one?


Because they would then be differentiated from existing certificates which don't provide the sort of protection etc. etc.


My understanding is that they don't provide additional protection from a technical perspective. They only indicate a different social procedure. We should be skeptical that they will work as planned, since there is no track record of success. If there are problems, all we've done is add green to the list of meaningless colors.

-Rob

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
