On Sun, Dec 28, 2008 at 9:28 AM, Ian G <i...@iang.org> wrote: > On 28/12/08 17:06, David E. Ross wrote: >> How about the users of Mozilla products who might lose money or even go >> bankrupt because they trusted a root certificate from such a CA? No, >> such losses are not known (yet). What did happen, however, indicates >> that such losses are indeed possible and not only through Certstar. > > Yes, indeed. That's a big question. > > What I am suggesting is that "dropping the root" will not address that > question. It is too blunt a weapon to be used reliably.
Considering that "trustability" is viewed as a binary state, it's the only weapon that Mozilla has. -Kyle H _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto