As CACert is not a commercial organisation, and doesn't sell its certs for any sort of real money, this has sparked quite a debate.
The groundswell for reworking the browser approach to the crypto security layer is growing. In 2003, I pressed the debate forward with a series of rants attacking the SSL/HTTPS (in)security design.
I suggest the way is now open for cryptographers to adopt economic cryptography, rather than the no-risk cryptography approach used and since discredited in SSL.
In the specific case of SSL/HTTPS, we recommend moving to:
Copying the successful economic cryptography model of SSH would definitely lift the ugly duckling SSL crypto system up out of the doldrums (1st in above rants page, "How effective is open source crypto?" discusses the woeful statistics for SSL certificate usage).

Posted by iang at February 10, 2004 09:37 PM