Ian G wrote:
> A tightly closed membership, oriented to CAs in their chosen segment. As
> CAs, they incline towards including two other groups, being the upstream
> audit organisations who provide the WebTrust, and the downstream
> browsers who consume the WebTrust.

Which is not unexpected. A group concerned with CA certificates will have members who provide the certificates, and members who consume them. (Browser vendors - they use them to provide trust indicators or other user interface to their users.)

> However, they include no other stakeholder groups. Of especial concern,
> nobody who speaks for the end-user, even though they clearly intend as a
> group to sell to these end-users.

Certainly not selling "as a group" - several CAs are very touchy about anti-trust. :-) We (the browser vendors) like to think we speak for the end users.

> Given such a structure, it is hard to see how they can avoid the fate of
> protecting the franchise. Although I'm sure they do careful work in
> documenting the current thinking, it is not reasonable to expect them to
> do new thinking and to think about the new threat environment, nor to
> resist the trap of increasing work loads and complexity, and reducing
> availability and delivered security.

I am having trouble extracting meaning from that last sentence.

Gerv
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto