In response to one of my postings on High Assurance SSL, I recently received this (slightly paraphrased) question:
Why not make domain authentication SSL Certificates invalid?
Surely if the browsers can set a new standard for high assurance ssl, they can set one for ALL of ssl!
Certainly that is within their ability, but as I stated, they have never shown any particular interest in doing so. VeriSign has always maintained the industry's highest standards of authentication, physical and network security, and process reliability. We always have tried to be an example to the CA community for how these things are done and have encouraged the full CA community to increase their procedures and practices. We welcome the involvement of anyone else - browser manufacturer or otherwise - who wants to put pressure on CAs to keep their standards high.