Hi,

Lately we have all seen that the certificate system is not 100% secure - mistakes happen. It might never become fully bulletproof, but one simple change might help a lot.
How about creating a certificate type that is registered in a central database and requiring all CAs to check this DB before issuing new certificates? Once in that database, no certificates could be issued for this specific domain. I think that most high-profile sites would take advantage of such a service. My suggestion probably needs a little fine-tuning, but it would be a step in the right direction.

--
kind regards,
Patricia, Certstar ApS

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto