Gervase Markham wrote:
> Paul Hoffman wrote:
>> The current thread is about a proposal that says, in essence, "we are willing to accept a secret audit of a trust anchor that we cannot see from a national government security agency, but if we accept that, the trust anchor can only bind identities that contain a domain name in that nation's TLD; trust anchors with non-secret audits can bind any type of identity". To me, the first part is too much of a leap. I agree with others who say "no secret audits", and the corollary to that is that all trust anchors can bind any type of identity.
>
> But what is a "secret audit"? Frank makes a good point when he says that the amount of a WebTrust audit that we can view (the audit report and management assertions) is far from the complete contents of the audit report.
>
> Essentially, a WebTrust audit is the auditor saying "We checked, and they do what they say". In this case, we have a government saying the same. The question is: is that an identical situation (in which case we should allow these certs in unconditionally) or is it different in some way? But one way it's not significantly different, to my mind, is the amount that we know about the audit.
>
>> - Without seeing the audit, we have no idea whether the security used by the agency would pass muster for the identities being bound. This means that the standards we hold VeriSign to for certificates whose identities are in .kr are different from the standards we hold KISA to. When the user goes to foo.kr, they can't tell what level of security Mozilla chose for the certifier.
>
> They know that either Mozilla or the Korean Government are happy with it. If they don't trust us, they shouldn't be using our software. If they don't trust the Korean government, it's a bit unwise to be doing "secure" transactions with websites in .kr.
>
>> - There are plenty of companies in Korea that are identified by domain names outside of the .kr TLD. It is incredibly inconsistent for us to say "we trust you for identities in this TLD but not that one" when what little we know about their audit has absolutely nothing to do with their ability to discern between companies using one TLD versus another TLD.
>
> Our trust restriction is based on where the auditor has authority to pronounce a set of procedures "good enough". The Korean government has authority to do so for Korean companies. "Companies with websites in .kr" is (fairly closely) a strict subset of that group. Therefore, by restricting to .kr, we are not allowing the CA to overreach the trust we feel we can put in it. It may underreach, but that's just the way it is.
>
> Gerv
Face it: some governments are corrupt. Others are not corrupt in the sense of officials taking bribes and acting on their self-interests, but they act in ways that western democracies might find offensive. In this latter group are nations that practice or at least allow genocide within their borders or that deny their citizens basic civil liberties. Some would include those nations that stifle dissent by censoring the Internet; others would include nations that ignore international treaties regarding patents and copyrights. Across this wide spectrum, what is common among all of these nations is a disregard for integrity and ethical behavior.

Can we trust them? Can we trust them when they certify a CA? How can you write an objective policy that allows secret government certification of a CA and also weeds out governments that cannot be trusted?

--
David E. Ross <http://www.rossde.com/>.

Anyone who thinks government owns a monopoly on inefficient, obstructive bureaucracy has obviously never worked for a large corporation. © 1997

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto