Matt Crawford writes: > The two CAs were not of equal "quality" (security and assurance How do you measure the effect of this "quality" on certificates? (Leaving aside the tools for doing authorization / eval on certificates, which are both lacking & out of scope imo.)