--On onsdag, januar 04, 2006 09:54:56 -0500 Sam Hartman
John> And the TLS world is dominated by a single signer whose
John> signing policies are opaque.
Really? Are you sure the TLS world is not dominated by users clicking
OK trust this cert for anything they see, combined with a lot of self
signed certs and certs from a variety of CAs? I do expect that most
web sites tend to have Verisign certs, but I have no idea about other
uses of TLS.
Here's an interesting thing you can do if you're an Opera user:
Go into the preferences/advanced/security section and mark all your root
certs as "warn me before I use this cert".
Then Opera will tell you which root cert the website got its cert from
every time you click on a HTTPS link.
If most of the Net uses Verisign, Verisign's got a bewildering array of
Ietf mailing list