Re: Proposal : Installable trusted CA list
Roger,

rhkelly wrote:

> > So this proposal would be that Mozilla would get away from imposing on all users a single built-in trusted CA list, but instead distribute several trusted CA lists, with a description of the origin of each list, how it is created, and let the users decide what is best for them.
>
> This is clearly the way to do it. In addition, the format of such a list should be defined and documented, so that special-interest user communities can become their own trust-list publishers.

That's a totally different proposition. What's being discussed is the content of one or more built-in trusted certificate lists. Currently, the one built-in list is contained in a PKCS#11 module that's compiled at the same time as NSS. This is a platform-specific file, and is not suitable for download or user installation.

It's already been pointed out that it's very difficult for the user to make rational trust decisions about a single root CA when connecting to a site, and making decisions about lists of multiple root CAs at download time is even harder than for one.

Several formats already exist to distribute more than one certificate, such as PKCS#7. It would be up to Mozilla to bring up trust dialogs for each of the certs in the package. I don't know if it does that now; I have not tried creating a PKCS#7 of multiple root CA certs. But I think it would not be a good idea to have Mozilla trust all the certs in a package. Just giving this option is inviting security risks. Who is going to be able to really verify the entire list, if they don't even know how to trust one?

Clearly the better model is to have the trust pre-installed in the client. That may mean using non-mozilla.org binaries in some applications (e.g. government, corporate) with an alternate built-in root cert module, but it is much more secure than having the user install the trust manually afterwards.

___
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
Re: Proposal : Installable trusted CA list
Nelson B wrote:

> John Gardiner Myers wrote:
>
> > Configurability is no excuse for the lack of a good default.

The point is not trying to get away from working out a good default. It's about recognising the fact that security/trust is something very personal, and different users might have different needs.

> > End users generally have no interest or competence in deciding CA trust issues.
>
> I totally agree with you on that point, John.

Again, this is not about end users deciding themselves what CAs they trust. It's about them deciding who they trust to tell them what CAs to trust. Here you decide that if they like Mozilla, the browser, they must like mozilla.org, the organization establishing the trusted CA list, which is not the same thing.

But that's OK if you disagree with the idea. I described it, explained the motivation, and if someone else likes it more, they can choose to implement it on their own distribution.
Re: Proposal : Installable trusted CA list
John Gardiner Myers wrote:

> Configurability is no excuse for the lack of a good default. End users generally have no interest or competence in deciding CA trust issues.

I totally agree with you on that point, John.

--
Nelson B
Proposal : Installable trusted CA list
This proposal is related to all the discussion about how to select the correct list of root CAs for Mozilla, but is a slightly different way of looking at things.

The idea is that there is no way of selecting a single list of CAs that will make everybody really happy. On the other hand, any solution where the user has to decide at a one-by-one CA level is not manageable.

So this proposal would be that Mozilla would get away from imposing on all users a single built-in trusted CA list, but instead distribute several trusted CA lists, with a description of the origin of each list, how it is created, and let the users decide what is best for them.

This list should of course be made short and in a way so as not to confuse the users. The first item in the list would logically be the AICPA list, with the indication that it's the same list as IE. Then could come a more open list, that a CA could get into without paying as much as for the AICPA list, and that maybe could reject some AICPA members on the grounds of recorded misbehaviour.

Technically, if this is done during install, the install just has to replace the default built-in cert file with the one selected. So, this does not ask for changes in PSM/NSS.

Maybe some more items on the list would be useful, like "same as old Netscape 4.7". The list might end with a link to a page having a more comprehensive list. Of course, that page would then include instructions on how to change the trusted list after installation. (And/or have an about:trust that points to this page?)

PS: In fact, the mechanism I propose here is not something I first thought about in this context. The problem of not being able to choose a single universal list is similar in Apache for the file extension/MIME-type association in the mime.conf file, which today has very selective filters for entry. They make many people, and in fact even Mozilla, unhappy.
Re: Proposal : Installable trusted CA list
Jean-Marc Desperrier wrote:

> This proposal is related to all the discussion about how to select the correct list of root CAs for Mozilla...
>
> So this proposal would be that Mozilla would get away from imposing on all users a single built-in trusted CA list, but instead distribute several trusted CA lists, with a description of the origin of each list, how it is created, and let the users decide what is best for them.

This is clearly the way to do it. In addition, the format of such a list should be defined and documented, so that special-interest user communities can become their own trust-list publishers.

Roger
Re: Proposal : Installable trusted CA list
Configurability is no excuse for the lack of a good default. End users generally have no interest or competence in deciding CA trust issues.