On 3/26/07, Paul Hoffman <[EMAIL PROTECTED]> wrote:
> At 10:10 AM +0000 3/23/07, Gervase Markham wrote:
> >Kyle Hamilton wrote:
> >>  The Mozilla Foundation is the authority which determines whether a
> >>  given root certificate is included in its default certificate list.
> >>  If you're going to assert that it's "provable", you suddenly create a
> >>  lot more liability for the Foundation -- because it's not provable.
> >>  For example, if you upgrade Firefox, does the root certificate store
> >>  get replaced?
> >
> >Yes, potentially.
>
> If true, this is a security bug. If I have removed FooCA because they
> have been proven untrustworthy, and the Mozilla Foundation adds it
> back in when I do a needed update for security reasons, that is a
> violation of basic security principles.
>
> If the cert store gets replaced *silently*, that is a horrible security bug.

You mean like Thawte, which started issuing domain-validated certs
under a root with a CPS that stated that it would only be used with
certificates with a higher degree of identity assertion?  (Granted,
this was after it was acquired by Verisign, but that doesn't change
the fact that the company violated the root's CPS, was informed of it
over a year ago, and has never resolved the issue.  The last I had
heard was "I'll bring this up with the company lawyers.")

-Kyle H
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
