[19298] in cryptography@c2.net mail archive
browser vendors and CAs agreeing on high-assurance certificates
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Sun Dec 18 10:43:41 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: cryptography@metzdowd.com
Date: Sun, 18 Dec 2005 00:28:32 -0500
http://news.com.com/Browsers+to+get+sturdier+padlocks/2100-1029_3-5989633.html?tag=st.rn
The article is a bit long-winded and short on details, but the basic
message is simple: too many CAs have engaged in a price- and
cost-driven race to the bottom; there are thus too many certificates
being issued that aren't really trustworthy. A group of CAs and
browser vendors have been meeting; they've agreed on a set of standards
for certificates that represent more checking by the CA. Browsers will
be enhanced to display a different sort of notification -- for IE, a
green address bar.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com