On 01/03/2009 06:41 PM, Florian Weimer:
I can understand that point of view. But what you seem to be asking
is that browser vendors take the role of judges, regulating CA
behavior. Shouldn't that be better left to the court system, keeping
Mozilla out of the loop? What advantage does Mozilla gain by acting
as a judge on day-to-day operations of CAs?
The same criteria should be applied to all CAs. With less definition
there is also more of room to undercut in every respect. Definitions and
agreed upon standards are nothing for the courts really, they need to be
defined first.
CAs (should) have controls in place to prevent that from
happening.
Could you explain what you're doing in this area? (A "no" is
perfectly acceptable because nothing you can do is totally secure, so
keeping the mechanisms secret actually buys you something.)
Yes, I think I don't want to elaborate on that really. But CAs usually
have more experience and know-how to set up preventive measures than an RA.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
