According to my mail client, Ian G wrote on 2008-12-17 04:11 PST: [paraphrasing liberally: Europeans let their legislatures do their engineering.]
Lot of countries have created their own legislation or regulation for security software, and then sat back and waited for others to implement their designs ... and waited ... and waited ... and waited ... This may well be just another case. > Now, what do you do about it? Mozo is in a difficult position. No, not a bit. The governments in most countries are accustomed to being obeyed unquestioningly. They act astonished when NONE of the popular browsers implement the requirements they try to impose. Tsk tsk. Mozilla (indeed, all browsers) have successfully ignored lots of silly regulations from individual countries. A good example of that is regulation that requires the CAs in one country to put into their certs a monetary limit on the financial value of the transactions done that use those certs, a limit using the nation's own monetary units, and to require any software that uses those certs to dishonor those certs until they are prepared to enfore those limits. Mozilla software happily dishonors all those certs. There are other examples as well. > As we have discussed in this group before, Mozo's principle is to pass > these questions across to the standards committee. > For sake of argument, this would be the PKIX committee. Wrong, but nice try. > However, national law trumps standards committees. LOL. > I wish it were different. But, it isn't. So, some country says "our citizens must use browsers that do this", and no browsers do this, and eventually the country realizes that they must relent or else have their citizens live in the dark ages. Eventually they relent. That's what happened to the requirement about the monetary limits in certs. The monetary limits are still there, but are now marked as saying that the software that uses those certs is now free to honor those certs even if it ignores those limits, and browsers all do so. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
