> This is because the cheapest CAs do so bad work that the security is very > close to self signed cert.
Please show me evidence of startssl being less secure than some of the big CAs that have had major incidents. You only need to send them a csr too. Then realise that we should be concentrating on battling the increasing likelihood of MITM attacks being possible even despite secure local networks (which are too rare) because dumb ISPs and their even cockier and arrogant admins are doing DPI on proxies that users cannot refuse or opt out of having their connection routed through (HomeSAFE) and completely ignorant to the old and well serving mantra of WAN networks being simple and secure transport networks from a time when you had to be really good to be a network engineer. The term 'modern' is really starting to annoy me lately. If someone can MITM they can almost certainly defeat your browser or flash or vlc plugin and then your ssl means nothing, even more so after a bank login and so you have one time passwords and alerts. To me you just sound like a profiteer for CAs? In fact there is far more evidence that the GREEN EV crts pose more of a false sense of security than 'normal' domain validating certs! I do agree with the idea that only one domain per page or even site should be allowed ssl usage however. -- _______________________________________________________________________ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) _______________________________________________________________________ _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
