Quite, the entire purpose of EV was to establish accountability. Some folk thought that only meant accountability for the certificate subject. If people paid attention to what I said they would have heard me talk about accountability for the certificate subject in every single talk I have ever given on either EV or Secure Letterhead.
And I have demonstrated the Secure Letterhead version of the plug in at numerous public and private venues over the past year. To claim that it was a shock that VeriSign would release code it had written a year earlier is somewhat strange.
Posted by PHB at May 23, 2007 10:00 AMOK the above is nonsense,
I talked about accountability for the certificate issuer in every talk. The idea was to hold every party accountable, not just the subject.
Posted by PHB at May 23, 2007 10:20 AMThe existing PKI EV model there is a major impendence mismatch between the User and the Service provider .This study gives a sound insights of User profiling www.tml.tkk.fi/~kk/p601-wu.pdf and this research
http://www.usablesecurity.org/papers/jackson.pdf which concluded saying
"Users fail to continuously check the browser’s security
indicators, since maintaining security is not the user’s
primary goal."
The down side of these tool bars is that domination of the big players in the CA market.
Posted by MitmWatcher at May 23, 2007 11:55 AMor make it obsolete, redundant and superfluous
recent thread/posts in crypto mailing list
http://www.garlic.com/~lynn/aadsm27.htm#14 307 digit number factored
http://www.garlic.com/~lynn/aadsm27.htm#15 307 digit number factored
http://www.garlic.com/~lynn/aadsm27.htm#16 dnssec?
http://www.garlic.com/~lynn/aadsm27.htm#17 dnssec?
including reference to brand new RFC for fixing spam and phishing (using DNS to serve up public keys)
New antiphishing, antispam specifications unveiled
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9020940
IETF approves new weapon to fight spam, phish
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1256125,00.html
and for slight drift ... sort of DNS related reference more than a decade before DNS
http://www.garlic.com/~lynn/2007k.html#33
and old email (also predating DNS) proposing online, real-time public key serving
http://www.garlic.com/~lynn/2006w.html#email810515
in this post
http://www.garlic.com/~lynn/2006w.html#12