On 12/30/2008 03:51 PM, Ian G:
On 30/12/08 14:23, Eddy Nigg wrote:
On 12/30/2008 01:43 PM, Ian G:
Most all certificates carry no warranty or have zero liability
disclaimers. Of course the words may differ, but even EV Guidelines
permit the CA to set zero liability, except where it is shown that the CA
is at fault, and even that may be limited to something fairly tame given
the market they are heading into.


The browser does not know the difference! A certificate is a certificate
is a certificate. I don't want to demonstrate it again to prove my point,
in order to protect the private key of the mozilla.com certificate. Your
analyses are not relevant for the browser - hence not relevant for the
relying party (and in this case Mozilla). This could have been literally
ANY organization instead. It could have been somebody other than me
interested in disclosing publicly. It could have been multiple
certificates, nothing would have prevented that. And it would not have
protected the CA from claims.


And, in such a situation, is any number other than zero sustainable?

Sustainable by whom? Zero unvalidated certificates? Or zero claims? Or what?


I might be wrong, but I think you are supporting my point.


Most likely you are wrong, but I'm not sure....


--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog:   https://blog.startcom.org
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
