Eddy Nigg wrote:
perhaps Mozilla should start to use EV
certs for the update mechanism of Firefox and *enforce* it? There might
be many other sites which potentially could wreak havoc not measurable
in terms of money only.
Very good point.
Indeed, I don't want to trust the security of my system (which is worth
more than money) on the CA system.
On 31.12.2008 15:38, Gervase Markham wrote:
Perhaps we should. Can you file a bug about this, please? There may be
technical or procedural issues which make it less than trivial, but
filing a bug is the best way to find out what they are.
https://bugzilla.mozilla.org/show_bug.cgi?id=471779
I say we should mandate a specific certificate, because I don't trust EV
either. Not with my system security.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
