Ian G wrote:
A possible solution is an open end-user offer. I have before mentioned that each CA should have a relying party agreement or similar; something on offer to the mozo end-user. It should be the minimum, or default, or entry-level document for the end-user. It should apply even if the user never saw it, like an open source licence. It should set liabilities between CA and end-user.
It sounds like you're referring to something like a PKI Disclosure Statement idea that's been discussed in the past:
http://www.verisign.com/repository/pds.txt Some CAs do indeed have these, but not all. Frank -- Frank Hecker hec...@mozillafoundation.org _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
