- From: Thomas Roessler <tlr@w3.org>
- Date: Mon, 30 Jul 2007 18:24:50 -0400
- To: Serge Egelman <egelman@cs.cmu.edu>
- Cc: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>, public-wsc-wg@w3.org
On 2007-07-30 18:17:10 -0400, Serge Egelman wrote: > And again, how is the self-signed certificate any more > trustworthy than a low-assurance certificate? It would seem that > the best solution should be to *only* keep track of consistency. What's your definition of low-assurance? "unknown CA"? (In fact, you're probably right that the same unknown-CA cert seen over an extended amount of time should be seen as as good as a self-signed one, and be subject to the same kind of consistency tracking.) Cheers, -- Thomas Roessler, W3C <tlr@w3.org>
Received on Monday, 30 July 2007 22:24:51 UTC