-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 04/26/2014 10:26 AM, Erwann Abalea wrote: > Le samedi 26 avril 2014 15:29:26 UTC+2, Zack Weinberg a écrit : >> On 2014-04-26 4:51 AM, Erwann Abalea wrote: >>> Le vendredi 25 avril 2014 18:14:39 UTC+2, Zack Weinberg a >>> écrit : >>> >>>> Moreover, it is my personal opinion that as a matter of >>>> basic business ethics, this is a cost you (or rather, your >>>> insurance) should absorb, not your customers. >>> >>> Please define "customer". >> >> The people who receive(d) certificates from this CA. Why, do >> you think some other category of people is more appropriately >> considered a CA's customers? > > A customer is someone who *buys* goods/services from a business. > Buying involves money (or anything playing the same role).
Bullshit. If a business chooses to give some or even all of its services away free, those who benefit from those services are still customers and still in the same ethical relationship with the business as people who paid for services (perhaps the same service, perhaps not). In particular, the business may *not* duck out of ethical obligations incurred by circumstances beyond any customer's control (e.g. catastrophic bugs in software everyone relies on ;-) just because some of its customers are not *paying* customers. > All this is a money problem, and nothing is free. CAs should be carrying insurance to cover exactly this sort of low-probability-but-still-foreseeable, high-cost event. zw -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iQIcBAEBCAAGBQJTW9SmAAoJEJH8wytnaapkVYUP+gPeX63M/Zkc7XkwQvUX1GvN GWadUxZVD1PZDIHbyfudzlJgC+ru3AjPE33QV1hjZIY9Ez5MAgpUAkU+/Eav4J7K wP/a6y+oh1GNF+1uz1w8QVgOV1fVD2hMGw3LJdorGDpl76+w63Bsal3x9Z5P1UVm qDEiA23t4OOxVKJYhaDny84SzjNmIBePcYP4f0eke1kQqbnBXdu8bVaAlROVhxSn /DYbP9+xb67eOpHTp8gmywc3rEb7v2oEr0xZOl0BhzErUzzASe2Pxf8ibkh36OBG PhUn2F4vXariRFlyaGi5ZxPeQGj1Vs7q/trhFpnVI1wQIQwBolD7/Lh8SoigTt2N WyRKGfYQCg7K8xGslA3C4O7SM3k3hsjXHwrZlku/xpwgt9ArpkB/0KTW6IMgc6lD 4+NutuXSosZYv+b4GMn/Gje69pmaNXuww36jWuibQ2ZUGSR6ZYYrUQSqobWx52aT esZHnwQ+bwS7Zgqr+EZ81Vi0LINHihZUS6yL1wNswAMlDhvqJxMzuDEnY8GdgKvg yJ00fG9w8KPmE8rDSRr8J6vkpo7KH9k0ZNaOG1DRCBd3WJs6xexIMfP6G6xYxMi+ 3NwHSHGB5lQ+KMmaAFW7DZL66lhGvYIBcJqvAm9tjd6DCi25mD3SrkxJY/3bEoDS PpVaZ93c95iRd/DoChq2 =7HgX -----END PGP SIGNATURE----- _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
