Why on earth would the CA be held liable if there were a problem in the browser? They are simply issuing credentials. If anything, EV is an improvement over the existing state of the SSL industry, where each CA offers a different degree of vetting ... while browsers show all certs in the same way.
Posted by Charter77 at January 31, 2007 09:15 AM

Whilst trying to fix the keychain in OSX I discovered there is a Certificate Assistant built into it for managing certs.
It also happens to let you set up your own CA - I think that is a first for a GUI.
Posted by f at January 31, 2007 09:45 AM

Charter77,
> Why on earth would the CA be held liable if there were a problem in the browser? They are simply issuing credentials.
Looks like our friend 'f' above wants to simply issue credentials, so no problem at all?
Of course, the issue turns around whether the browsers accept the EV certs. If the browser incurs the liability, why would they accept them? If the CA accepts the liability, that might be a good deal for the browsers.
The devil is in the details between those extremes. If the CA tries to hide/obfuscate/minimise the liability, who gets it? In the old deal it was the users, who were sold on "safe browsing" and "trust" but in fact ... were just simply issued credentials, as you say.
How does EV improve on that old story? They ain't simply credentials, if the 70 page guidelines mean anything.
Posted by Iang at February 1, 2007 06:10 PM