beltzner wrote:
> - increasing the liability exposure for CAs found to be lax in their
> applications of the guidelines

The problem here is businesses tend to do whatever is cheapest. If paying out $2k is cheaper than due diligence, then without any other external forces, increased or excessive liability is the only option to keep companies doing the right thing. As someone else pointed out, they get more insurance sending parcels or if your UPS devices fail to protect equipment.

> I'm really only interested in points like the first three. If it's a
> market conspiracy, you can bet your bippy that the market will decide.

Just like it did with PKI already? :)

> [1]: In fact, I don't think that in the timeframe of Firefox 3 there
> will be any set of metadata which we'd use to declare "This website is
> safe", but I'm willing to be proven wrong so I don't want to overstate
> my position.

Will you take an interest in the security researchers that were trying to help Mozilla out in the past (but mostly ignored or, worse, given the run around)?

--
Best regards,
Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e164.arpa is a tax on VoIP

"In the long run the pessimist may be proved right, but the optimist has a better time on the trip."