On Thu, 29 Mar 2012 08:38:29 -0700 John Nagle wrote:
Ok so it's sort of an improvement such as only the ip/domain which is verified being shown on the cert reducing possible misleading but hasn't actually dealt with the main problems at all. In fact as far as I can tell it will just be a waste of money for everyone. Like I'm not busy enough too. > Anonymous online businesses are illegal. > Assumption is the mother of all ****ups. You seem to be assuming criminals don't break the law?? I have a hunch, I'm not sure why, that they do. > > We (as SiteTruth) work to make web site ownership more visible, > as you can see at the "sitetruth.com" site. We encourage the CA > and browser communities to work toward that. Get tough on > anonymous businesses. The law supports you in this. I guess I'd need to look at your patent etc. but I am totally skeptical that this is viable and effective (especially for new businesses) though quite possibly of some use. Innovation has a hard enough time shining through to it's deserved place as it is. I still think it is far better to use a limited number of well looked after possibly browser controlled CAs. I notice Google is a CA already. I also think the only truly computer verifiable info being the domain/ip should be reduced to a single authentication of being able to write to the webspace. The trust should come from brand and public review/bad review. _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
