David E. Ross wrote: > Face it: some governments are corrupt. Others are not corrupt in the > sense of officials taking bribes and acting on their self-interests, but > they act in ways that western democracies might find offensive. In > this latter group are nations that practice or at least allow genocide > within their borders or that deny their citizens basic civil liberties.
And denying the citizens of other countries basic civil liberties by locking them up without trial on a Caribbean island is just fine and dandy... Of course, the UK can't talk. We are putting some of our citizens under "control orders", which is basically a way of denying your liberty without a trial as well. Still, both examples go to show that the bright line you draw isn't quite so bright. > Some would include those nations that stiffle dissent by censoring the > Internet; Such as the banning of auctions of Nazi memorabilia? > others would include nations that ignore international > treaties regarding patents and copyrights. Of course. When making the decision between saving your people's lives by making generic AIDS drugs, and respecting international patent treaties, clearly the right choice is... The line blurs further. > Across this wide spectrum, > what is common among all of these nations is a disregard for integrity > and ethical behavior. Can we trust them? Can we trust them when they > certify a CA? Can we trust a CA in their jurisdiction? Can we trust the integrity of an auditor in their jurisdiction? What's to prevent the NSA knocking on Verisign's door and saying "give us your root private key. And don't tell anyone we were here"? Why do you think rsync.net has a Warrant Canary? Many of our CAs are in the US. Yet there are people and governments out there who do not trust the US at all. So what are we to do? One possible answer is to say that the default Mozilla root store is not populated in a way that guarantees the privacy of your secrets from governments. If you wish to have such privacy, you may need to make changes to the store yourself. > How can you write an objective policy that allows secret government > certification of a CA and also weeds out governments that cannot be > trusted? How do you define "governments that cannot be trusted"? Gerv _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
