Ian G wrote:

> I must be really boring, I don't find that odd at
> all. Where would you keep the root cert? You
> surely don't believe all those stories about
> m of n copies distributed in hardened bunkers...

No, but a few simple precautions can prevent a lot of effort needed to fix it :)

> happen if the CAs can't make any money;
> either the CAs have to be removed or we
> have to find a way to make them some money,
> or they have to do it for free. Economics is
> not really negotiable at the physics level.

My concern isn't that they want to make money, but stifle competition in the process to consolidate things.

> The most important thing that the browser UI
> can do is to promote more SSL. If twice as
> many people use SSL but it has a slight
> vulnerability, that's much better than perfect
> system that is only used by half as many.

I agree with you on your opinions about opportunistic encryption, any encryption is better than none, but at the same time absolutely no verification is of no benefit either.

> So, it would be ok for the lock not to be
> shown as long as the browser does not
> scare the user away or waste their time on
> popups, IMHO. If self-signed certs could be
> used exactly as HTTP, then we could replace
> HTTP with self-signed certs and everyone
> wins.

mmmmmm.... see above...

--
Best regards,
Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers

"In the long run the pessimist may be proved right, but the optimist has a better time on the trip."
