Ian G wrote: > Nelson B wrote: > > Ram0502 wrote: > > > >> Ian G wrote: > >> > >>> This is something that Julien brought up and Amir > >>> addressed by setting the border at the CA. As the > >>> user identifies a particular CA as good, the security > >>> app module accepts any cert from that CA. > >> > >> > >> Nice practical solution. > > > > > > Except that it creates a monopoly situation for the cert buyer. > > > > Having bought his first cert from CA X, if he ever buys a cert > > from CA Y instead, all his users will be alarmed. This gives > > CA X opporunity to charge ever higher prices for cert renewals. > > > In practice this would be the case, if the users > decided to let them do that. I don't see too many > users just slavishly renewing without a bit of a > tussle. Most sites that have a real user base > and users worried about security will also have a > way of notifying them otherwise that something will > change.
True although this probably means they'll take an increase phone calls or emails as well, that adds up and can offset the benefits of a price-break pretty quickly. _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
