On Mon, May 18, 2015 at 10:32:05PM -0400, Eric Mill wrote: > On Mon, May 18, 2015 at 9:15 PM, Matt Palmer <mpal...@hezmatt.org> wrote: > > I disagree that "we, the browsers and standards bodies of the Internet" > > have > > very different leverage. In either case, if a CA misbehaves, their root > > certs can be pulled from the trust store (or otherwise neutered). That > > doesn't change because the CA is run by a corporation or a government. > > Except that corporations and governments have totally different options > available as responses to this threat. A government without a trusted CA > has many paths to ensuring its root certificate appears on the browsers > and/or OSes of computers in its country. > > There are also multiple trusted root programs, and a government can mandate > the use of the one that works with them most collaboratively. > > A government may also view the removal of their root certificate as less > severe than a corporation would. For a commercial CA, the removal of their > root certificate is death (at least to their certficate business). For a > government, it may be only an inconvenience, and may not lead to the > shutdown of any operation depending on it. There are no market forces with > governments. > > A commercial CA caught betraying sites or users may be abandoned by the > market, or its owners sued or even imprisoned. A government CA caught doing > something similar is unlikely to be held to the same account.
I don't see the relevance of anything you wrote, to the perspective of "we, the browsers and standards bodies of the Internet". We're not here to solve all the ills of the world; we're here to generate policy for determining which organisations can be trusted with skeleton keys to the Mozilla-using parts of the Internet. - Matt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
