Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

Mozilla, Opera and co only tout open standards as it suits them

1 view

Skip to first unread message

Duane

unread,

Nov 22, 2006, 4:56:24 PM11/22/06

to dev-se...@lists.mozilla.org

With the advent of the CABforum as a trade group for commercial CAs
designed to keep everyone out that isn't looking to make a big buck out
of others you'd think the browsers with their cries of standards and
openness so they don’t get locked out by Microsoft wouldn't be so quick
to jump on this band wagon, but the complete opposite is true.

So what should we do as users, well as one person pointed out they plan
to boycott all Microsoft products that contain additions to their
software that supports EV certificates but we can do much more then
that. Remember the only ones to benefit from this are large commercial
CAs such as Verisign, and browsers via kick backs, although it seems
Verisign has spun this so well they won’t need to pay anyone a cent.

This will effect the 99% of small businesses (or even medium sized
business) that can’t justify spending the big bucks to get EV
certificates, it will effect partnerships, sole traders and even in most
cases Universities. If you ever expect to get an EV cert and you’re not
a bank or big company, well forget it, even if you had the money to
cover it, the standard is set so high that you wouldn’t be eligible in
any case.

If you ever thought of running a business over the internet now is the
time to have your say otherwise it could be too late to voice an opinion.

EV certs are being touted by Microsoft as preventing phishing, but as so
few phishing attacks utilise SSL at present this claim is laudable at best.

http://blog.cacert.org/2006/11/194.html

Best regards,
Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e164.arpa is a tax on VoIP

"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."

Eddy Nigg (StartCom Ltd.)

unread,

Nov 22, 2006, 5:33:13 PM11/22/06

to dev-se...@lists.mozilla.org

Duane wrote:
> you'd think the browsers with their cries of standards and
> openness so they don’t get locked out by Microsoft wouldn't be so quick
> to jump on this band wagon, but the complete opposite is true.
>

It's also striking to read the introduction of the guidelines:

"The CA/Browser Forum is a voluntary _*open*_ organization of
certification authorities and vendors of Internet browser
software and other applications."

It's about as open as Microsoft's kernel...

>
> EV certs are being touted by Microsoft as preventing phishing, but as so
> few phishing attacks utilise SSL at present this claim is laudable at best.

With currently only 0.25 % of pishing sites using SSL certification
(including self signed) as shown on this list earlier (source
netcracft), this is certainly the wrong reason for EV
certification...even the guidelines themselves, lists pishing only as
secondary purpose...

--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Phone: +1.213.341.0390

0 new messages