On Mon, October 20, 2014 7:17 am, Anne van Kesteren wrote:
> On Mon, Oct 20, 2014 at 3:41 PM, Gervase Markham <[email protected]> wrote:
> > Perhaps we just need to jump that gap and accept what is /de facto/
> > true.
>
> Yeah, as with publicsuffix.org we should own this up.
I would, in fact, argue strongly against this, despite recognizing the value that the open root program has. The decisions made for the root program are directly tied to the capabilities and behaviours of the Mozilla software package it's distributed with - in particular, Firefox. The behaviours, limitations, bugs, and features of Firefox/NSS (e.g. including both NSS and mozilla::pkix) play very heavily into the discussion and maintenance of the root program.

Consider the 1024-bit root removals. For NSS and mozilla::pkix using applications, a known set of tradeoffs were made to minimize any backwards compatibility issues. However, a large number of programs with sub-optimal to non-existent chain building and discovery algorithms (read: OpenSSL) experienced issues, because the software was too dumb to discover paths to the 2048-bit roots. Accepting the Root Program as a product for "general" PKI purposes inherently means such flawed behaviours are in scope and "supported", equivalent to public API surfaces. Having to weigh such considerations when making decisions about how best to secure the public Internet, and Firefox users at large, is not a desirable point to be in.

I have seen plenty of bungled attempts at repackaging the Mozilla list, and I have zero faith that having an 'official' supported way would in any way reduce the bungling. In many cases, the bungling is done by well-intentioned people with ideological axes to grind, rather than people who understand the issues at play. Adding roots that have never been audited, re-adding removed roots that haven't been audited for years, botching the trust records, etc.

Consider this (long) email an encouragement to "caveat repackager", and say that it's only supported when used with the Mozilla product it's packaged with - NSS and Firefox. Maintaining a trust store for multiple PKI products, with differences in behaviour, nuance, and bugs, is not a scalable operation.
_______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
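The chain-building failure described in the message above (a client that only follows the chain the server sent cannot reach a 2048-bit root once the 1024-bit root it was chained to is removed, even though a cross-signed intermediate leads to the 2048-bit root) is illustrated by the following added Python example. It is not code from the original email or from NSS, mozilla::pkix or OpenSSL; all certificate names, key sizes and identifiers are constructed, and certificates are modelled by names and key size only (no signatures are checked).

```python
"""Toy model of certificate path discovery: naive vs. exhaustive.

Constructed example (hypothetical CA names, not any real hierarchy).
"""
from dataclasses import dataclass
from typing import List, Optional, Sequence


@dataclass(frozen=True)
class Cert:
    """Minimal stand-in for an X.509 certificate: names and key size only."""
    cert_id: str     # constructed label standing in for a key identifier
    subject: str
    issuer: str
    key_bits: int

    def is_self_signed(self) -> bool:
        return self.subject == self.issuer


# Constructed hierarchy: one intermediate key cross-signed by two roots.
LEGACY_ROOT = Cert("root-legacy", "Legacy Root", "Legacy Root", 1024)
MODERN_ROOT = Cert("root-modern", "Modern Root", "Modern Root", 2048)
INTER_VIA_LEGACY = Cert("inter-legacy", "Intermediate CA", "Legacy Root", 2048)
INTER_VIA_MODERN = Cert("inter-modern", "Intermediate CA", "Modern Root", 2048)
LEAF = Cert("leaf", "www.example.test", "Intermediate CA", 2048)

SERVED_CHAIN = [LEAF, INTER_VIA_LEGACY]   # what an older server configuration sends
INTERMEDIATE_CACHE = [INTER_VIA_MODERN]   # known from elsewhere (preloaded or fetched)
TRUST_BEFORE = [LEGACY_ROOT, MODERN_ROOT]


def remove_weak_roots(store: Sequence[Cert], min_bits: int) -> List[Cert]:
    """Model a root-program decision: drop anchors below a key-size floor."""
    return [c for c in store if c.key_bits >= min_bits]


TRUST_AFTER = remove_weak_roots(TRUST_BEFORE, 2048)   # the 1024-bit root is gone


def naive_build(served: Sequence[Cert], store: Sequence[Cert]) -> Optional[List[Cert]]:
    """Accept the chain only as served; its last issuer must be a trust anchor.

    This is the behaviour that breaks when the served chain ends at a root
    the client no longer trusts, even if another path exists.
    """
    for child, parent in zip(served, served[1:]):
        if child.issuer != parent.subject:
            return None
    for root in store:
        if root.subject == served[-1].issuer:
            return list(served) + [root]
    return None


def exhaustive_build(leaf: Cert, candidates: Sequence[Cert],
                     store: Sequence[Cert], max_depth: int = 8) -> Optional[List[Cert]]:
    """Depth-first path discovery over every known certificate.

    At each step every candidate whose subject matches the current issuer is
    tried, so when the path through one issuer dead-ends, a cross-signed
    alternative leading to a still-trusted root is found instead.
    """
    anchors = {c.subject: c for c in store}

    def search(path: List[Cert]) -> Optional[List[Cert]]:
        current = path[-1]
        if current.issuer in anchors:
            return path + [anchors[current.issuer]]
        if len(path) >= max_depth:
            return None
        for cand in candidates:
            if (cand.subject == current.issuer and cand not in path
                    and not cand.is_self_signed()):
                found = search(path + [cand])
                if found:
                    return found
        return None

    return search([leaf])


def path_ids(path: Optional[List[Cert]]) -> Optional[List[str]]:
    """Readable summary of a path, or None when no path was built."""
    return [c.cert_id for c in path] if path else None


if __name__ == "__main__":
    print("naive, before removal:", path_ids(naive_build(SERVED_CHAIN, TRUST_BEFORE)))
    print("naive, after removal: ", path_ids(naive_build(SERVED_CHAIN, TRUST_AFTER)))
    print("exhaustive, served only:", path_ids(exhaustive_build(LEAF, SERVED_CHAIN, TRUST_AFTER)))
    print("exhaustive, with cache: ",
          path_ids(exhaustive_build(LEAF, SERVED_CHAIN + INTERMEDIATE_CACHE, TRUST_AFTER)))
```

Two things the run makes visible: the naive builder succeeds before the removal and fails after it, while the exhaustive builder recovers the path through the cross-signed intermediate; and discovery alone is not enough, because the exhaustive builder also fails when the only certificates it knows are the ones the server sent. A client therefore needs both a search that tries alternative issuers and some source of the cross-signed intermediates (a preloaded set or fetching) before a trust-store change like this is transparent to it.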

