Colin Guthrie wrote: > Yeah the cheap CA's are IMO actually a problem. > > I (personally) think we should have a new system for this scenario: > > http:// = totally insecure > https:// = secure and to a reasonable degree of trust (e.g. no $12.00 > certs!) > httpus:// = secure but no aspect of trust.
Colin, I think you're mixing apples and oranges here - http(s) was never meant to provide any indication of "trust". Besides, how do you suggest we distinguish between CAs "with no trust" and CAs "with trust"? /Per -- Per Jessen, Zürich (1.1°C) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
