On 06/07/15 15:34, Ben Wilson wrote: > =P7-TA-2014-0282> &language=EN&reference=P7-TA-2014-0282, I was asked (by > someone in the audience and not by anyone specifically representing EU > governments) to relay a message that some European supervisory bodies would > like browsers and OS providers to enable and support an additional trust > list or trust store, specific to the EU, for those Trust Service Provider-CA > entities that are accredited to issue digital certificates in the EU.
Hi Ben, I realise you are just passing on a message, so this should not be taken as shooting the messenger! I will outline briefly why this request would be, er, problematic: * "specific to the EU" - how do we tell if a particular connection is going to a website in the EU? On-the-fly IP-based geolocation? This isn't really possible. Not all websites in EU country TLDs are EU-based, and many in e.g. .com are EU-based. There is no way to do this; the new CAs would have to be trusted universally for certs with whatever special marking the EU has in mind. * This proposal would involve Mozilla delegating responsibility for who Firefox trusts to whoever makes the list of accredited EU TSPs. As we noted in our letter to the US committee, we value our transparent and open process for deciding who we trust, and our control of that process is very important to us. Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
