[Ach] StartSSL for Business Sysadmins

ianG iang at iang.org
Mon Jan 13 18:10:38 CET 2014

On 13/01/14 16:22 PM, robin.balean at a-trust.at wrote:
> I find the CA bashing on this list a bit naive and irresponsible. 
> Surely the ACH document should be advising that non-serious CAs be removed from these lists instead of encouraging administrators to obtain their certificates from them.

Other than the delicious irony here, how do you propose to advise people
on what that means?  I mean, in particular, what is your algorithm for
discerning between the "non-serious" and the "serious?"

(I suspect that every CA removed isn't going to agree with your advice,
and I also suspect that the method for reaching a judgement will require
non-accessible specialist knowledge.  At best...  So it can't go in as
stated above?)


More information about the Ach mailing list