Mozilla are Recognized as Most Trusted Internet Company for Privacy and I think we can exploit this potential for good if we do a certification authority. Doing that we can get revenues and help the world to have a trusted web.
After Heartbleed and Internet surveillance issues denounced by Snowden and Assange people and organizations are more interested in security issues, is a good time to explore this market and Mozilla can play a fundamental roll there, maybe Mozilla can become « The Certification Authority » for the Internet Operative System.
For now is a brain storm. I can elaborate a more complete proposition but I will explain the process and user experience with this example related with online banking:
TheBank: Hello, I’m TheBank, my business to is do money with financial services, I’m not an expert in Internet like Google or Mozilla but I have to offer web services like online banking because people are going in this direction and we can’t lost this market. I trust my IT-Infraestructure team and Outsourcing company to do this job.
Outsourcing: Hello, our business is do money developing beautiful software applications, our commercial team is aggressive and they got a project to develop the online banking app for TheBank. Last week we lost the most important members in our security team but we can’t go back with this project.
IT-Infraestructure: We maintain TheBank infrastructure where the online banking application developed by Outsourcing run, we are not good like people working for Internet companies but we do our best, we pay to UnknowNameCA verify TheBank identity online with a digital SSL certificate for banking.thebank.com
User: Hello, my name is User, I have an account in TheBank and I trust when I see the https:// in my browser with a padlock
UnknowNameCA: Hello, we are UnknowNameCA, my business is to sale SSL certificates ever if regular people doesn’t know who I am, they trust in sites using SSL certificates provided by me when they see the https:// in their browser with a padlock like TheBank online banking site.
As you can see we have two problems in this ecosystem, the first is related with Certification Authorities, a good example is the case related with DigiCert SDN if people trust us, why not go ahead in this market?
The second problem is: verify the identity is not a guarantee of security, applications developed without security practices and bad deployments can show a nice green certificate :( I think we can propose something to improve the user experience and understanding of risks and secure environments in Internet, like a new kind of digital SAS70 or ISO 27001 certification included in the SSL certificate with a visual identification. That can made the difference in the beginning between us and others.
Comments are welcome, this is only one idea because I <3 Mozilla and I we need to find sustainability options if we wan to continue with our mission.