At 2:45 AM +0000 10/18/08, Frank Hecker wrote: >Yes, but as I understand it what is being discussed here is a more elaborate >scheme whereby, for example, we (Mozilla) might run an actual CA just for the >purpose of cross certifying the roots that we accept. Like Nelson, I can't >remember who exactly was advocating this and what their arguments for this >proposal were.
It doesn't have to be a CA: it has to be a trusted service of some sort. For example, see the TAMP work currently being discussed in the PKIX WG. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
