On 01/04/2009 09:34 PM, Daniel Veditz:
> Florian Weimer wrote:
>> EV is (also) an attempt to devalue existing infrastructure, so it's
>> some form of group punishment.
>
> It also provides browsers with a slightly less blunt weapon. If a CA
> clearly violates EV guidelines the browser could remove the EV-ness of
> the root without removing the root itself. Users could still get to the
> sites so we're not punishing users and not putting sites out of
> business, but the site owners are no longer getting what they paid for
> and that will put pressure on the CA.

It has been pointed out that this scenario is less likely than having a
CA conform fully to the EV guidelines, but their other CA business might
be considered unreliable. In such a case it would be advisable to
keep the EV-ness as you say and remove the trust bits from the root
for their other certs. Now I don't remember if that's possible.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto