Nelson B wrote:
Ram0502 wrote:
Ian G wrote:
This is something that Julien brought up and Amir
addressed by setting the border at the CA. As the
user identifies a particular CA as good, the security
app module accepts any cert from that CA.
Nice practical solution.
Except that it creates a monopoly situation for the cert buyer.
Having bought his first cert from CA X, if he ever buys a cert
from CA Y instead, all his users will be alarmed. This gives
CA X opportunity to charge ever higher prices for cert renewals.
In practice this would be the case, if the users
decided to let them do that. I don't see too many
users just slavishly renewing without a bit of a
tussle. Most sites that have a real user base
and users worried about security will also have a
way of notifying them otherwise that something will
change.
And SURELY raising prices for certs is not among Ian's goals! :)
Nope :) My goal is security for the user. If
it costs, it costs. But I see things like
CACert being a useful influence there.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/