On Fri, 30 Mar 2012 13:56:12 -0700 Kyle Hamilton wrote: > Besides... the browsers aren't the ones who can enforce this, the > Payment Card Industry contracts and audits are.
The browsers hold the cards if they get consensus between them that is. PCI would have to adapt to the browsers decision otherwise the card industries revenue stream would stop or rather be taken by a card provider who decided to comply and of course one would. I don't see any good point in EV though, but DV should be done better. Perhaps even a mozilla CA, a Google CA, and a Microsoft CA with an attacker having to compromise all three to be successful. _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
