On 24/03/15 05:29 PM, Ryan Sleevi wrote:
>
> I also think extreme care is needed before proposing blanket
> zero-tolerance policies. It's no accident that no program spells those out
> - it's a recognition of complexities. Even the few places in the Baseline
> Requirements that spell out hard actions - such as revocation periods -
> have and do cause real and painful service disruptions, and need
> revamping.

There's no service disruption caused by not trusting any certs from the CA created after say, 3 weeks from now. They utterly failed to comply with numerous rules and if those policies have any real teeth behind them their time as a trusted root is over. If it remains as a trusted root, it's simply demonstrating to every other CA that compliance with those policies is unimportant as has been done in the past. They can come back to the table and ask for inclusion again after they fix the problems that led to this situation. All of the cards are in the hands of the browser and OS vendors. You can tell them they have to open-source their infrastructure's code so it can be audited for compliance before adding them back. Either the CA complies or it's essentially dead. You can tell them they have to implement Certificate Transparency. The blame is entirely on the maintainers of the trust stores when the system fails like this because they have *chosen* to create this situation. The CAs will comply with the rules you create because their livelihood depends on it. If they don't, there are *plenty* of people / businesses who would be happy to take their place.
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

