Eddy Nigg wrote: >> For example? > > Anything out of this list: https://www.startssl.com/?app=30#requirements
You want us to make a IV certificate which can be issued to businesses without "verifiable physical existence and business presence"? >> You mean that want a price point in between DV and EV? :-) > > Yeah also. And why not? For many EV is an overkill, But it's not for their benefit they are getting that level of vetting, it's for the benefit of their customers. Let's put it another way: how do we explain the difference between EV and this new level to consumers? "You can do transactions up to $X if there's an EV cert, but only $X / 10 if it's a NewV cert?" Who's going to pay attention to that? Proper identity validation takes time, and so costs money. The only way to make it cheaper is to do less validation. And the less validation you do, the easier it is to get dodgy certs issued. If it's possible to reduce the amount of validation without running that risk, let's change the EV standard. If you think the current CAs are overcharging, get certified for EV yourself and charge less. Gerv _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
