An alternative idea, tweaking the business model: Let's say we managed to make CAs liable for any business that goes wrong and cannot be sorted out with the cert holder, either because he cannot be reached or sued or the company cannot pay the money that the court ordered it to. Then, suddenly, the CAs have a very strong incentive to be checking very well, including financial records, and are able to balance the checking costs vs. damage themselves. In *that* case, it would actually make sense to also show the CA's name to the user, because the CA provides actual value/security for the user.

If the goal is to really improve the reputation of online business substantially, we could go even further.
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
