On 1/1/09 22:37, Gervase Markham wrote:
Ian G wrote:
Hmmm, odd that Frank views EV as ecommerce and here we see another view
of EV as technical delivery of updates.
I think that's a misrepresentation of both Frank's and my position. I
don't think Frank said that EV was _only_ for ecommerce, and I certainly
didn't say that it was _only_ for technical delivery of updates.
Views not positions, but, yes of course. I think what I was hinting at
was that notions of presenting EV as a sort of specialist version of
something ... inevitably lead to using successful standards to deal with
everything ... inevitably leading to either a race to the bottom or a
_barrier to entries_ simplification. Both result in loss of security.
As the update mechanism is an integral part of the software, it is
somewhat obscure to me why a consumer branded product like EV would have
anything to do with the technical delivery of updates?
We would be taking advantage of the increased identity checking
necessary to get one.
Hmm. Then I misunderstand completely. Are we talking about Mozilla
delivering updates to Mozilla users, or are we talking about general
code-signing certificates for the ecosystem of plugin developers?
Apologies in advance for missing the cue...
If it is code-signing, then EV is not really the model, that's more for
corporations, and a lot of programmers are individual developers. I
would have thought?
(But, yes, to declare an interest, CAcert has not sorted this area out
either, and I'm interested to see what they do. Right now, nothing, so
no code signing.)
iang
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
