On Mon, 18 Apr 2005, Ian G wrote: > Gervase Markham wrote: > > It's like Michelin stars. You probably have to cook better food these > > days to get 3 stars for your restaurant than you did in the 30s, but > > three stars still means "the best available". > > Michelen stars would be a perfect example. [...] > If michelin were to much it up, their brand is at risk, > and users would start following other brands.
It seems to me that the browser's job should be to provide the infrastructure that makes it possible for people to establish such rating brands, rather than to be held responsible for the ratings themselves. The two purposes are separable -- (a) consistent identification and (b) trustworthiness ratings. I believe the problem is that right now a lot of people are expecting or led to expect CAs to do job (b), but they don't do that. They only really try to do job (a), and do even that quite poorly. Since the browser can take care of (a), CAs in their current function are unnecessary. If CAs want to go ahead and do (b), fine, but then they better start acting like it. -- ?!ng _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security