- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Sat, 23 Aug 2014 12:07:48 +0200
- To: John Kemp <john@jkemp.net>
- Cc: Chris Palmer <palmer@google.com>, Jeffrey Yasskin <jyasskin@google.com>, Adam Langley <agl@google.com>, "Eduardo' Vela" <evn@google.com>, Mark Watson <watsonm@netflix.com>, Jim Manico <jim.manico@owasp.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Fri, Aug 22, 2014 at 11:06 PM, John Kemp <john@jkemp.net> wrote: > I simply think access to web platform features should not be limited to > those servers who have paid some (pretty small) amount of money to someone > else the user doesn't actually know to vouch for them that they should have > the user's trust in these matters using a technology (with all due respect > to your work, and others) that _outside of additional non-technical context_ > does not provide enough of a guarantee of secure mutual authentication. I just reread your earlier emails and I'm still not entirely sure what you are getting it. A pointer to more information would be appreciated. The whole setup of the CA system seems to be that they verify that the person that owns a domain gets a key. -- http://annevankesteren.nl/
Received on Saturday, 23 August 2014 10:08:15 UTC