In 1999, Netscape started charging something like $100,000/year + $5000 per root cert, before there were any audit requirements. I think the idea was to weed out those who couldn't afford to run a CA worthy of browser…
Complying with the audit is costly - both in direct costs to the auditors, and in implementing the infrastructure and policies and procedures to pass the audit.
It's the WebTrust audit for Certification Authorities: http://www.webtrust.org/certauth_fin.htm (warning: PDF)
AFAIK it was him - having developed the first non-US 128 bit crypto capable SSL web server called Sioux (basically, Apache + SSLeay) he was on all the same mailing lists as the Netscape crypto guys. He then realised…
In 1999, Netscape started charging something like $100,000/year + $5000 per root cert, before there were any audit requirements. I think the idea was to weed out those who couldn't afford to run a CA worthy of browser…
Complying with the audit is costly - both in direct costs to the auditors, and in implementing the infrastructure and policies and procedures to pass the audit.
It's the WebTrust audit for Certification Authorities: http://www.webtrust.org/certauth_fin.htm (warning: PDF)
AFAIK it was him - having developed the first non-US 128 bit crypto capable SSL web server called Sioux (basically, Apache + SSLeay) he was on all the same mailing lists as the Netscape crypto guys. He then realised…