I hate to ask this, but would you possibly be willing to keep track of the
steps
you need to take to do this? Once that's written down somewhere we can throw
it
up on the wiki and it'll at least be _something_.
Sure. As soon as i can solve the problem (I hope I'll solve it), i'll
write
Ka-Ping Yee wrote:
But if certificate revocation is going to work, doesn't it have to be
implemented by the browser? Couldn't there be a role for Mozilla to
play here?
There are two ways of doing certificate revocation, OCSP and CRLs.
However, both mean the browser contacts the CA to
L. David Baron wrote:
So far most of the posts in the thread have been by CA
representatives (and Gerv's responses to those posts). While
occasional comments from CAs may be useful in the thread for
purposes of clarification, I certainly don't welcome such attempts
to dominate the discussion.
Heikki,
Thanks for taking the time to read the draft thoroughly.
(Can we use section numbers rather than page numbers? Because there are
two sets of page numbers - document page numbers and those on the pages
themselves. Thanks.)
Heikki Toivonen wrote:
* I don't actually see why
Duane wrote:
1% (or 20%) of businesses is definitely not the same as 1% (or 20%) of
_business_. Because not all businesses do an equal amount of business.
proof of these assertions?
You are requiring me to prove my assertion that Amazon doesn't do the
same amount of business in a year as
Heikki Toivonen wrote:
Duane wrote:
Ok, based on this reply and others we can assume it's possible to judge
the possibility of fraud in similar manners to how we associate fraud in
real life, ie ask others about (or in this high tech world google about
it), after all if you have a problem
Ka-Ping Yee wrote:
I wish CAs believed that were the case! I think some of the skepticism
you are encountering in this discussion is skepticism that Verisign and
other CAs will actually feel any pressure. Right now, they have most of
the power and Mozilla has very little, because Verisign has
Duane wrote:
Actually this wouldn't be an improvement and there is various reason why
CRLs were replaced with OCSP, and OCSP revocation checks should be
turned on by default, although I'd be more interested to see OCSP
proxying by the website implemented to protect end user privacy.
That would
Gervase Markham wrote:
1) is impossible, so we do 2). So they are trustworthy by threat rather
than trustworthy by assessment.
2 isn't a threat, and there is prime examples of criminals finding
people with banks accounts with the same banks that they have
fraudulently accessed so they can
Gervase Markham wrote:
When Verisign issues a bogus certificate -- as it has in several cases --
Do you have a list, with references? I know about the MS code-signing
certs, but no other cases.
http://www.benedelman.org/news/020305-1.html
Eddy Nigg (StartCom Ltd.) wrote:
No! But you don't answer on what I said...did you realize what you
actually proposed? Sincerely? You actually suggested, that StartCom (or
other smaller CA's) could be kicked out for a mistake, but Verisign will
stay there, no matter what, because of market
Gervase Markham wrote:
But what you are not, Eddy, is a member of the Mozilla community - or,
at least, not until about a week ago and not in any context apart from
this one.
Thank you for that oneHowever StartCom provides two free and open
source operating systems (which includes Mozilla
12 matches
Mail list logo
