On May 26, 2007, at 11:06 AM, Paul Hoffman wrote:

> If we adopt that model, they can. But, again, that's not what this
> thread was about. It was about Mozilla unilaterally constraining the
> names without asking the user based on a feature of the audit.

...versus an "all-or-nothing" trust?

The security experts which make the decisions for Mozilla work for Mozilla. I'm not entirely certain there's a statement of crypto team guiding principles anywhere, but I think this is fairly common-sense:

1) They must make the best judgement for individual user security that they can,
2) in a fashion that is non-judgemental against potential trust anchors,
3) while reducing market-share attrition based on security capabilities versus incapabilities.

MoFo already has a statement on what a CA must do in order to be admitted to the distributed trust anchors. The problem comes when MoFo can't verify claims of audit compliance.

If there's a governmental entity running it, then that government has the right to say what is correct within its own country -- the 'government' is the entity in which all trust is placed, and the authority from which the right of audit is derived. (Without governmental structure, there is no accountability, and without accountability, there's no reason to trust any claimed audit.)

The question outstanding is thus "does the governmental CA have any provision for attempting to certify entities outside of its borders?" If no, then the way to describe the limitation would be in the Subject's "C" field ("C=FR"). If yes, then this entire discussion becomes moot.

(Of course, the way X.509 was originally defined in the first place was that each country would get a CA certificate derived from the single, global trust anchor.)

-Kyle H

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto