[cryptography] Math corrections

Joe St Sauver joe at oregon.uoregon.edu
Sun Sep 18 15:30:30 EDT 2011

Ian asked:

#Right -- how to fix the race to the bottom?

Wasn't that supposed to be part of the Extended Validation solution?

If it has failed at that, and I could see arguments either way, the
other "natural" solution is probably government regulation. It likely 
wouldn't be pretty, but imagine:

-- governmental accreditation of CAs (instead of, or in addition to, 
   browser vendor/CAB reviews)

-- governmental minimum price points for regulated products (thereby 
   eliminating the race to the bottom, or competition on pricing in

-- potentially government-required insurance bonds, protecting the
   public against negligence or malfeasance

-- governmental audits/reviews of CA compliance

-- pressure on third parties to make sure that PCI-DSS and similar
   regulations mandate use of government-approved CAs, only

Of course, this may be one of those "Be careful what you wish for" 
scenarios, eh?


Joe (someone who's generally NOT a big fan of direct government intervention)

