Eddy Nigg (StartCom Ltd.) wrote:
> Kyle Hamilton wrote:
<snip>
>> I have not. I must point out, though, that Frank has essentially
>> stated that it's impossible to remove an already-vetted CA.
> Did Frank say that? I don't think so...
I didn't quite say that, but I can understand why Kyle interpreted my comments that way. What I have said in the past is that because of the impact of removing a root, particularly a root that has lots of server certs chained up to it, we're not going to remove a root unless the security threat is high enough to warrant it, and in practice we're likely to set that bar pretty high.

It's analogous to having a security vulnerability in Firefox's implementation of JavaScript; we're not likely to just disable JavaScript in order to fix the problem. Of course, with JavaScript problems we have the option of actually fixing the bug, and trying to do so in a way that affects existing JavaScript-based applications as little as possible. By contrast we seem to have but one option, removing the root and breaking things.

However, I'm not sure it's really that black and white. We can certainly make public comments and complaints about CAs, and can threaten to remove roots in some future release if problems are not fixed; in some cases just the threat might be enough. Also, if we had appropriate technical infrastructure for this in NSS or PSM, we could also put CAs into a form of "probation", where their roots were still included but sites chained to that root would get a warning message of some sort. (As always, if people think something like this would be worthwhile, we can always consider funding the work.)

Frank
-- 
Frank Hecker [EMAIL PROTECTED]
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto