On 20/1/09 01:22, Eddy Nigg wrote:
On 01/19/2009 12:52 PM, Ian G:
Mozilla is resolving disputes. It just hasn't said it, nor thought about
how it is doing it.
Well, it's my point that I think that Mozilla doesn't, hasn't and
shouldn't resolve disputes. However, continue below....
* document what's going on and improve it
* back out
Neither. I'd rather would suggest procedures and rules how certain
issues should to be dealt with. If this is the improvement you are
seeking, than I'm with you. However I believe that it must be
Mozilla/User centric to the benefit of both.
So far, no dispute :)
This is what I believe Mozilla cares.
Mozilla doesn't need to resolve disputes, it must know
what to do under certain circumstances in order to protect itself and
its users. Those are two different kind of things.
OK, so let's say you are Mozo, coz you know what they care about, and it
is YOUR DAY IN COURT! Because you care.
Imagine a CA has sued you, and a bunch of users are lining up a
class-action. The rest of the CAs are up in arms about the favouritism,
and the media smells blood. The lobbying and public opinion thing is in
full swing [1].
Now, explain to the judge what the difference between a dispute and
protecting self and protecting users is?
* having our cake and eat it too
Yes :-)
Besides, why should Mozilla care beyond that?
Oh, it doesn't need to. Unless it has a mission about protecting
end-users. Unless there's business involved. Unless it ends up in
court. Unless there is a claim of security, and a promise of
protection. Unless there is doco saying this is important. Unless
there is a duty, or an asymmetry, or a process. Unless they have
imposed something.
I mean, it is really easy to create a strategy where we don't need to
care, we ... just don't care about things.
* find ourselves in court
Well, Mozilla has a legal department and lawyers taking care of it
should need arise.
Ah. Add another one to the list!
* pass the buck, they got the money.
Actually, I disagree. They don't have the lawyers, and the first one
who tries this *will* have the lawyers.
Who really has the lawyers?
Of course. All those things will happen, as long as the root isn't
removed.
No, I think that's not correct. This comment is perhaps most authentic
in this respect: https://bugzilla.mozilla.org/show_bug.cgi?id=470897#c24
Authentic it a good word!
I see some techies discussing a dispute without being aware of what they
are doing. This is normal when there is no policy or business angle.
It's cool and fun in an open source context, because business doesn't
matter; the wonderful open source invention separates the business out
of the code perfectly.
However, we aren't talking about *code* but about *business*. They are
unaware that they've drifted out of their familiar territory.
So, what we got? A bunch of slashdotters, itching to wipe out a
business, they know where the kiloton-revoke button is, and they want to
push it? But they haven't a clue about the megaton-response button that
their competitor has.
An authentic disaster in the making, is that your point?
It has to get into the business in order to use that right. If it just
reserves the right, and doesn't use it, no problem.
I simply don't get it...why the h*** does Mozilla have to put itself
into such a position between two different parties with arbitration? All
it cares is itself and its users!?
Well, you've laid it out better than I could :)
The point here is not how it is done, but something is done; which was
why I started documenting it.
Either Mozo does something, or it loses control. If for example, the
process ends up in courts [2] then the courts will throw out Mozilla's
interests, the end-users' interests, likely every other CA's interests
as well. I guarantee it, or sue me :)
Security is a non-starter. After a court has finished listening to the
security experts of both sides, you'll wish you never uttered the word.
One advantage of having Mozilla resolve most disputes is that it
actually understands [3] the business. And the end-users. And the CAs.
And the certs. And the politics. And the conspiracies. And the
cartels. And the mistakes.
Good luck on trying to bring a judge up to speed on all that. I'm glad
you know about that *lots of money* thing, it's going to be needed.
iang
[1] Interesting article... may be germane or may be not:
http://www.wired.com/techbiz/it/magazine/17-02/ff_killgoogle?currentPage=all
[2] another little question, which court?
[3] at least, it has a good chance of doing this, arguably better than
others.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
