Frank Hecker:
> Eddy Nigg (StartCom Ltd.) wrote:
>   
>> Yes, this is a good argument in favor of EV and EV is exactly intended 
>> for that. Just a pity the rest of the public PKI is left broken, no 
>> matter what the reasons are (by design, lack of interest, commercial 
>> interests, etc), because there is more to protect than Paypal, Ebay and 
>> few banks. EV however might be an overkill for others.
>>     
>
> Ah, but isn't EV really returning the public PKI to the ideal of what 
> CAs are supposed to be doing in theory, namely binding a (strongly) 
> verified identity to a public key? 

Yes and no and it depends! In PKI various different attributes can be 
verified including such which aren't used today (or wouldn't make 
special sense for web sites). As we agreed earlier, lower and/or other 
types of validations make sense if applied correctly. Incidentally EV for 
your personal web site or for my blog wouldn't make sense really.

The problem I really have is that other IV and OV validations make 
sense too (again, if applied correctly), but neither the (missing) 
standards, policies and definitions nor therefore the UI help to 
differentiate, which leaves this part effectively broken in favor of EV 
and/or DV.

> So in theory any site supporting 
> high-value transactions (financial or otherwise) should migrate to EV 
> certs. This certainly should include major sites like Bank of America, 
> E*Trade, etc., Amazon, etc., as well as any ecommerce site for which the 
> annual EV cert fee is a small fraction of overall operating expenses.
>   
Absolutely agreed! Yes, this is what any bank, any financial institution 
and similar online service should do!

I still believe that small online vendors and other sites which have to 
secure some sort of other private information can do with good IV/OV 
validation. And it's not only the fees, it's also the way the 
verifications are performed, which in many instances is an overkill. 
Effectively an EV cert can cost a subscriber not only the five hundred 
bucks or so, but much more. By much more I mean around two thousand.


-- 
Regards 
 
Signer:         Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber:         [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]>
Blog:   Join the Revolution! <http://blog.startcom.org>
Phone:          +1.213.341.0390
 

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
