Paul Hoffman wrote:
> At 10:10 AM +0100 5/28/07, Gervase Markham wrote:
>> Paul Hoffman wrote:
>>>  Exactly. I strongly suspect that KISA would do a better job at checking
>>>  identification of a Korean company in .com than the CAs in the lowest
>>>  quartile of capabilities whom we fully trust to do so.
>>
>> But do we fix that problem by allowing the Korean government-audited CA
>> to testify to the identification of anyone, or do we fix it by raising
>> the standards of identification for existing CAs?
> 
> The former. We do not have any experience in the latter, we do not have 
> the manpower to enforce the latter, and we take on a fairly hefty 
> financial responsibility if we choose the latter.

I believe EV is doing this without the need for manpower or the 
acceptance of financial responsibility.

> If we allow the end user to truly be their own CA (and that takes a fair 
> amount of UI design, review, and coding), 

Are you saying I suggested that? Or are you just moving the discussion 
on? Or are you missing a "don't"?

Gerv
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to