On 2015-03-31 03:34, Peter Gutmann wrote:
> More generally, a second informal requirement for being in a browser, alongside "Don't sell only a small number of certs" (to meet the TB2F criteria required by browsers if something goes wrong)
You seem to be under the impression that the number of issued certificates is a deciding factor for being too big to fail, and then think it's larger than 10K. That might well be the case, but I think what you're basing it on is just wrong. The 10K you talk about is 10K validations (or connections) that saw such a certificate, out of 10G, or about 1 per million (1 ppm, 0.0001%). It's not about different certificates. I would also not say that you need more than 1 ppm of connections to be too big to fail, but rather that 1 ppm is clearly lower than the threshold.
But like with lots of things, like enforcing 2048 RSA keys, you have to have a point where you're willing to break things, and I really hope that that threshold is a few factors higher than the 1 ppm.
> seems to be "Don't be Chinese or
> Arab/Persian/Turkic". I don't know if any Russian/Byelorussian/Ukrainian/*stani CAs are present in browsers, but I'm guessing being one of those won't help your case either.
I know there are people who don't trust some governments. And there are some very vocal people on this list and other places that don't trust the Chinese government. But I haven't seen Mozilla take decisions based on that.
I think the best thing we can do is make technical changes so that we don't need to trust those governments. And I think CT is a big step in that direction.
Kurt

_______________________________________________
dev-security-policy mailing list
https://lists.mozilla.org/listinfo/dev-security-policy

