[cryptography] Math corrections
Joe St Sauver
joe at oregon.uoregon.edu
Sun Sep 18 15:30:30 EDT 2011
#Right -- how to fix the race to the bottom?
Wasn't that supposed to be part of the Extended Validation solution?
If it has failed at that, and I could see arguments either way, the
other "natural" solution is probably government regulation. It likely
wouldn't be pretty, but imagine:
-- governmental accreditation of CAs (instead of, or in addition to,
browser vendor/CAB reviews)
-- governmental minimum price points for regulated products (thereby
eliminating the race to the bottom, or competition on pricing in
-- potentially government required insurance bonds, protecting the
public against negligence or malfeasance
-- governmental audits/reviews of CA compliance
-- pressure on third parties to make sure that PCI-DSS and similar
regulations mandate use of government approved CAs, only
Of course, this may be one of those "Be careful what you wish for"
Joe (someone who's generally NOT a big fan of direct government intervention)
Disclaimer: all opinions strictly my own.