[TrustBar] [Fwd: Re: Low assurance SSL CAs]
Ian G
iang at iang.org
Tue Feb 15 15:53:32 EST 2005
Duane wrote:
> Ian G wrote:
>
>> The 'metric' has to be either centralised -
>> agreed to some standard - or decentralised
>> so the user judges it on a per-CA basis.
>
>
> Except in MS IE, I can turn off the CAs in my browsers, so even though
> it starts out centralised it can be over ridden (perhaps we're coming
> up with the same answer from different angles?)
>
> So basically my original email covered this, set of predefined
> settings, that the user is able to tweak after the fact... I can add
> to the list in MS IE, but I can't remove this isn't exactly an ideal
> situation that I want to be dealing with...
Well, if the metric is centralised, sure, the issue
isn't whether the user can avoid its ramications
(that's always possible, just don't browse...) but...
The issue is who sets up the metric? Who says
I am a 1, you are a 2? I'm as happy as Larry if
it's me that tells you what you are, but I'm damn
sure, I'm not happy if anyone else says I'm a 3.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
More information about the TrustBar
mailing list