On 03.05.2009 09:06, Ian G wrote:
(5) possibly as consequence of all the above, it can be claimed that
it is an empty threat, and no more than a security/marketing tool for
PKI people.
Consequently, we need to either:
* Make that threat not empty
* Create other ways to make CAs behave when they violate the audits or
our rules. (We have real cases for that)
FWIW, I have removed Comodo from my browser's roots, and I have
encountered only 2 sites recently which used it, despite going to quite
some online shopping sites (SSL part).
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
