Paul Hoffman wrote:
> - Without seeing the audit, we have no idea whether the security used by
> the agency would pass muster for the identities being bound. This means
> that the standards we hold VeriSign to for certificates whose identities
> are in .kr different than the standards we hold KISA to. When the user
> goes to foo.kr, they can't tell what level of security Mozilla chose for
> the certifier.

The very nature of government is that it has the power to identify the entities within its jurisdiction. Whether the government is competent at their job is irrelevant. It is necessary for the basic functioning of modern society for me to trust the French government (or its designated representative) to verify the identity of French persons/corporations.

> - There are plenty of companies in Korea that are identified by domain
> names outside of the .kr TLD. It is incredibly inconsistent for us to
> say "we trust you for identities in this TLD but not that one" when what
> little we know about their audit has absolutely nothing to do with their
> ability to discern between companies using one TLD versus another TLD.

Why is this inconsistent? If a Korean wishes to be identified with a .com domain (for example), they should use a CA that is publicly audited for global identification. I prefer to think of this in terms of limiting exposure: the Korean government should have the ability to define our trust of the .ko domain, but not our trust of non-.ko domains.

--BDS

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto