Paul Hoffman wrote: > At 10:10 AM +0100 5/28/07, Gervase Markham wrote: >> Paul Hoffman wrote: >>> Exactly. I strongly suspect that KISA would do a better job at checking >>> identification of a Korean company in .com than the CAs in the lowest >>> quartile of capabilities whom we fully trust to do so. >> >> But do we fix that problem by allowing the Korean government-audited CA >> to testify to the identification of anyone, or do we fix it by raising >> the standards of identification for existing CAs? > > The former. We do not have any experience in the latter, we do not have > the manpower to enforce the latter, and we take on a fairly hefty > financial responsibility if we choose the latter.
I believe EV is doing this without the need for manpower or the acceptance of financial responsibility. > If we allow the end user to truly be their own CA (and that takes a fair > amount of UI design, review, and coding), Are you saying I suggested that? Or are you just moving the discussion on? Or are you missing a "don't"? Gerv _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto