All of these CAs and browser vendors should read "Security and Usability" before they meet. I'm skeptical of the idea of a high-assurance certificate. How much more complex do we need to make the Web for users who don't (and never will) understand principles of security? After all, they shouldn't...

[ more ]