Gervase Markham wrote:
On the 17th of this month, at the invitation of Comodo, the major CAs and browser vendors (including mozilla.org) are having a meeting in New York to discuss some of the issues surrounding the future of SSL and trust on the Internet.
What CAs were/are invited to attend?
At the moment, I've been asked not to say who has been invited apart from us and Comodo (the organisers). I assume I will be able to, either closer to the time or afterwards.
What's the likelihood of minutes being made available,
I'm not organising it so again, I couldn't say. Contact Steve Roylance at Comodo - [EMAIL PROTECTED]
or is this going to be a completely closed session with the intent of locking others out of this space?
I don't think anything will be done solely with the intent of locking others out of the space. However, I'm wary of giving assurances on this matter because I suspect that things which I think are reasonable steps to increase accountability would be seen by you as lock-out attempts.
As an example (and I don't know of anyone who is actually suggesting this), what if we made all CAs who issued non-zero accountability certs post a $1,000,000 bond against losses from phishing attacks performed using their certs? Would you consider that a lockout measure?
The paper I've written reflects the direction I think we should be going in, and I believe that a number of other groups present are thinking along the same lines. Do any of those measures look designed to lock others out of the space to you?
Gerv _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
