Duane wrote: > Gervase Markham wrote: > > > The second half of your sentence contradicts the first. If the cost of > > doing business is raised, it will deter. The higher the raise, the > > greater the deterrent. > > There is no way you can raise the bar high enough to outweigh the scams > while still allowing existing businesses to be able to afford it as > well, and that is the crux of the issue, and why phone spam and other > social problems exist and will continue to exist until you can work out > a way to allow businesses to exist, but make it > > > Have you actually read the draft? This is not a "fax in your letterhead" > > system. > > *Sigh* as usual, missing the point, and just picking on one aspect of my > points... > > > Don't "pet name tool bars etc" require education to use also? > > The level of education is minimal as they take the approach to make > things intuitive that if you do X and Y occurs, there is a problem. > Compared to existing education programmes by banks and the like that if > X, Y, Z and some other factors exist, there may or may not be a problem. > > > A potential advantage of EV if all the browsers adopt it is that > > browsers, CAs, financial and other secure sites and consumer advocacy > > groups can have a single, simple consistent message for users. This > > makes it more likely that they'll actually pay attention. > > *yawn* ho hum, this won't do anything for security, it will do something > for Verisign's bank balance however, at least by those that buy into it, > and it could be a pretty big uphill battle of getting buy in from small > merchants and the like, although I'm sure they aren't Verisign's target > market with all this. > > And yes I am picking on Verisign as they are the ones most vocal for this. > > Ian and others were pushing for UI changes for years to add CA branding, > but of course he wasn't taken seriously... After all how do you really > punish a CA if the end users don't know who or what you are doing... > > While you are pushing this particular variation of snake oil, and > claiming if someone sees ebay drop from green to yellow, all panic will > occur and a break down in society, it's been proven time and time again > that users click through dialog boxes and they won't care if goes pink > with purple polka dots. > > -- > > Best regards, > Duane > > http://www.cacert.org - Free Security Certificates > http://www.nodedb.com - Think globally, network locally > http://www.sydneywireless.com - Telecommunications Freedom > http://e164.org - Because e164.arpa is a tax on VoIP > > "In the long run the pessimist may be proved right, > but the optimist has a better time on the trip."
Hi Everyone My name is Melih, i am the CEO/Chief Security Architect of Comodo (guys who give Verisign run for their money :)) I don't want to intrude as you all are doing an excellent job in asking the right questions to Gerv :-) However, there might be questions that you may want to ask directly to a Certification Authority. So pls feel free to ask any questions on the subject so that I can shed light from Certification Authority point of view... Melih _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security