On Sat, Apr 9, 2011 at 10:44 AM, Eddy Nigg <eddy_n...@startcom.org> wrote: > On 04/09/2011 01:52 AM, From Adam Barth: >> ^^^^ There's significant interest in this feature from chrome-security >> as well. > > There is however a very limited benefit and would only prevent a particular > type of failure if at all. The enforcement for it would have to be baked > into the client software and adherence by CAs would have to be required by > policy. I don't see that happening at the moment, specially because the > benefit is fairly small for the hassle.
I'm reasonably sure that it will happen in some form or another given the amount of interest on the part of browser implementors and web site operators. There's no dependencies on the CAs, as far as I understand. Can you explain what you think the CAs will need to adhere to? Adam _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security