[cap-talk] [Fwd: Re: CAcert Root Certificate]
Ian G
iang at systemics.com
Thu Feb 10 21:52:57 EST 2005
OK, so it turns out (I had forgotten this!) that
the CA branding half of TrustBar was in fact
what was done in the old Netscape security
model. Last para...
iang
-------- Original Message --------
Subject: Re: CAcert Root Certificate
Date: Thu, 10 Feb 2005 14:46:01 -0800
From: Bob Relyea <rrelyea at redhat.com>
To: mozilla-crypto at mozilla.org
>
> Gervase Markham wrote:
>
>> Ian G wrote:
>>
>>> Good, I'm glad you understand what is meant by
>>> branding. By forcing VeriSign to brand themselves
>>> like Virgin, they are laid bare to their trusting public.
>>> Who knows, maybe they will surprise us all.
>>
>>
>>
>> You expect Verisign to start taking out brand-building ads based on a
>> change we make to Firefox?
>
For what it's worth, this is exactly what Verisign would like to do. The
recognize that as more and more CA come on the market, their ability to
charge a premium for their service diminishes. They *want* the user to
know that this site is validated by Verisign and build a market where
the home user trusts not just the lock, but the lock + the Verisign logo.
Of course Verisign would like the visibility in Firefox, but the have
less interest in it other than a way to coorce Microsoft into doing the
same thing.
These same arguments played around and around at Netscape (back when it
mattered to Verisign) about wether or not to include the signer's brand.
In the end it was UI realestate (or the lack thereof given to security)
argument that won the day. In the arena where realestate was less of an
issue, but security was, the signer's logo and name *WERE* included
(remember the 'Grant' dialogs for signed apps). They still contain those
logos today.
bob
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
More information about the cap-talk
mailing list