On Aug 27, 2011, at 7:30 PM, Hector Santos wrote: > Keith Moore wrote: >> On Aug 27, 2011, at 10:31 AM, John Levine wrote: >>> TLS for session privacy is nice, but I find negligible value in a >>> little lock icon in my browser that means only that one of the several >>> dozen cert issuers configured into my browser, most of whom I've never >>> heard of, and many of whom aren't even the organization in the cert >>> name, signed something. >> +1. IMO browser vendors have made TLS nearly useless for web browsing by including so many default CAs; some with dubious integrity, and a few with a demonstrated lack of integrity. > > Interesting viewpoint. Are you advocating for a monopoly or oligopoly centralization? no, replacing one flawed model for another won't help. the root problem is that users are being expected to extend trust to whatever set of CAs the browser vendors find "convenient", and browser vendors can be influenced/coerced in these choices by various means. but it's not as if users are in a better position to decide which CAs are trustworthy. _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf