I've asked Kathleen Wilson in future to convert the CA information
documents to PDF format before uploading them to Bugzilla. I've also
converted the information document for S-TRUST to PDF myself, and
uploaded it to bug 370627.

As for digitally signing these PDF documents, I think we need to do more
research on the implications of this. In particular, many people
(including myself) do not use Adobe software to read PDF documents, and
I don't know the extent to which digitally-signed PDF documents will be
generally readable.

Also, what's the threat model that would dictate digitally signing the
CA information documents? That someone posing as Kathleen or me is going
to upload bogus documents to Bugzilla? We're already relying on Bugzilla
authentication to protect general Bugzilla comments, and digitally
signing the information documents doesn't address protection of Bugzilla
comments. Besides, any such attempt would likely be quickly detected
when Kathleen or I upload documents ourselves.

Frank
--
Frank Hecker
hec...@mozillafoundation.org
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto