Re: Pre- and Post- controls

2009-01-04 Thread Eddy Nigg
On 01/04/2009 09:27 PM, Daniel Veditz: Eddy Nigg wrote: On 01/04/2009 10:20 AM, Eddy Nigg: On 01/04/2009 04:48 AM, Ian G: On the punishment side, about all we have is "drop the root!" which I earlier described as a blunt weapon. Are we being sensible when we now have to "drop the root" for the

Re: Pre- and Post- controls

2009-01-04 Thread Eddy Nigg
On 01/04/2009 09:34 PM, Daniel Veditz: Florian Weimer wrote: EV is (also) an attempt to devalue existing infrastructure, so it's some form of group punishment. It also provides browsers with a slightly less blunt weapon. If a CA clearly violates EV guidelines the browser could remove the EV-ne

Re: Pre- and Post- controls

2009-01-04 Thread Daniel Veditz
Florian Weimer wrote: > EV is (also) an attempt to devalue existing infrastructure, so it's > some form of group punishment. It also provides browsers with a slightly less blunt weapon. If a CA clearly violates EV guidelines the browser could remove the EV-ness of the root without removing the roo

Re: Pre- and Post- controls

2009-01-04 Thread Daniel Veditz
Eddy Nigg wrote: > On 01/04/2009 10:20 AM, Eddy Nigg: >> On 01/04/2009 04:48 AM, Ian G: >>> On the punishment side, about all we have is "drop the root!" which I >>> earlier described as a blunt weapon. Are we being sensible when we now >>> have to "drop the root" for the three CAs who have reporte

Re: Pre- and Post- controls

2009-01-04 Thread Florian Weimer
* Ian G.: > So what to do? Should "Mozilla" become "the judge" in the post-event > phase? Do we leave this job to the courts? Should we group together > on this list and pass final judgement? Should we all vote? Demand > changes? Should we implement California rules -- 3 strikes and the > ro

Re: Pre- and Post- controls

2009-01-04 Thread Eddy Nigg
On 01/04/2009 10:20 AM, Eddy Nigg: On 01/04/2009 04:48 AM, Ian G: On the punishment side, about all we have is "drop the root!" which I earlier described as a blunt weapon. Are we being sensible when we now have to "drop the root" for the three CAs who have reported problems? Oh btw. where do

Re: Pre- and Post- controls

2009-01-04 Thread Eddy Nigg
On 01/04/2009 04:48 AM, Ian G: On the punishment side, about all we have is "drop the root!" which I earlier described as a blunt weapon. Are we being sensible when we now have to "drop the root" for the three CAs who have reported problems? Actually we've discussed this issue just recently but

Pre- and Post- controls

2009-01-03 Thread Ian G
On 3/1/09 17:41, Florian Weimer wrote: I can understand that point of view. But what you seem to be asking is that browser vendors take the role of judges, regulating CA behavior. Shouldn't that be better left to the court system, keeping Mozilla out of the loop? What advantage does Mozilla ga