> Wow, now that is over the top! How incredibly obnoxious. So the view of > mozilla.org is that their users are incompetent fools. I wonder why you care > about security for these 'idiots'?
Not everyone on this list speaks on behalf of "Mozilla.org" (I certainly don't) and even within "Mozilla.org" I'm willing to bet there is no official viewpoint on users and that there are dissenting view points in fact. The reality is most security professionals, let alone average users don't know the exact differences between DV/OV/EV certificates. Most of them just want to get task X done (online banking, read the news, etc.), and get on with life. So why do I care about the security of others? Because we share the same Internet. It's basically a public health problem, I don't want people sneezing on me just as I don't want infected machines on the network I am on (it increases administrative over head, I have to devote resources to dealing with attacks/etc.). I am also altruistic/selfish enough to want the Internet and services on it to continue functioning. Email is around 90-95% spam, I'd to see a similar influx of garbage hit other services that won't handle it so well. > If this is the attitude of the best browser security, no wonder we have so > many problems. The reason we have so many problems is this: Security is hard. Different people have different definitions of "Security" and what level of "Security" they want. Striking a balance is not easy. Personally I wouldn't mind seeing a return to the days of $300/year SSL certificates that actually were a pain to buy because the verification process was stringent. But I also like the idea of free DV certificates for every site so that as much web traffic as possible can be protected from snooping/etc. (I love that Google Gmail is encrypted by default now). Two viewpoints literally at opposite ends of the spectrum from just one person, now imagine the several million "Mozilla.org" is trying to please to some degree. > jjb -Kurt -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
