https://wiki.mozilla.org/Apps/Security#The_Problem_With_Using_SSL
i have added an extra two reasons (one to help deal with the cases which robert kindly raised) as to why SSL is completely inappropriate. here is an additional reason: SSL requires, for each and every single connection that is established, a cost in processing terms. this cost will eventually add up to a significant amount of money, and the telcos will be expected to foot the bill. by contrast, people-based PKI (GPG signing of packages) does *not* have a processing cost - not by the telcos, at least, and *DEFINITELY* not a cost that is proportional to the number of downloads. there really and quite literally is not a single good reason why host-based security such as SSL PKI is a good idea when compared to people-based PKI (GPG/PGP). _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security