If Frank's desire to balance user benefit from keeping the root in with user security by taking the root out is to be upheld, then there needs to be a way to notify the software user that there is a valid complaint against the operator of the CA in question.
If it drives business away from the CA in question (because the owner of the site doesn't want to have to deal with the warning every time she browses to it using Firefox), well, that's the CA's own fault. The setting of that bit should encompass the following: 1) A complaint has been made, 2) Mozilla has examined the complaint, and 3) Mozilla has found good cause for believing that the conduct of the CA has violated its root CA policy. Thus, such a statement would not (and could not) be made until Mozilla has done its own due diligence, and thus such a statement would not be libelous. (I wish that Mozilla's general counsel was on this list.) -Kyle H On Thu, Dec 25, 2008 at 3:21 AM, Michael Ströder <mich...@stroeder.com> wrote: > Eddy Nigg wrote: >> On 12/23/2008 09:09 AM, Kyle Hamilton: >>> Of course, this would be an NSS change (the addition of a 'trust >>> suspended' bit, >> >> I think this to be an interesting idea and should be considered. > > I really wonder why there should be one state more. And how is it going > to be set (updated)? A cert is either trusted or not. Period. > > Ciao, Michael. > _______________________________________________ > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
