As an example (and I don't know of anyone who is actually suggesting this), what if we made all CAs who issued non-zero accountability certs post a $1,000,000 bond against losses from phishing attacks performed using their certs? Would you consider that a lockout measure?
Did you hear about insurance fraud ? I think if you do something like that it will become a very big problem for those CA :-)
I think commercial CA would hate such a thing even more than cacert, so I don't see it at a lockout.
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
