[cap-talk] A petname toolbar for Firefox

[Mark Miller]

Ian G wrote:
> What David suggests - the server is its own authority, and
> creates locally signed certs on its own merits - is how any
> sensible design would lay things out.  (Yes, that's what
> my system does, how about E?)

I wrote:
 > If I understand you correctly, the answer is, yes, E does this too.

Ian G wrote:
> This isn't going to happen in SSL's PKI, and the PKI
> was probably designed not to let it happen (do we
> need to show that to this audience?) ... so unless
> someone knows a way to get the Apache boys to
> re-engineer this part, that design is a theoretical
> hope only.

Perhaps I spoke prematurely. AFAIK, HTTPSY works within the existing TLS spec. 
E will be switching over to using TLS in exactly the same way that HTTPSY does.

-- 
Text by me above is hereby placed in the public domain

     Cheers,
     --MarkM