| It seems to me that the benefits of this proposed change are minimal while the negative impacts to embedded systems are significant. Perhaps I've missed something? It should be understood that code signing is very important in the embedded space--just ask Tesla or Jeep/Chrysler or Nest or other IoT product developers. If we accept that premise, the question immediately becomes: How do we put together a good code-signing system and how does (should?) Mozilla products factor in to that system? If the decision is made to remove the code signing trust bit it sends a message that Mozilla does not want to (and will not) participate in this space. I think it would be a mistake to do so and that technology development would be worse off for it. (Probably even web and desktop app development would suffer.) However, if the decision is made to proceed with the removal I would recommend that Mozilla broadly publicize this change. There are no doubt many smaller consumers of these capabilities who will need to explore other solutions.
Proposal for version 2.3 of Mozilla's CA Certificate Policy:
Remove the code signing trust bit. If this proposal is accepted, then there would be follow-up action items that would need to happen after version 2.3 of the policy is published: 1) Remove any root certificates that do not have the Websites and/or Email trust bit set. 2) Remove references to Code Signing trust bits from Mozilla’s wiki pages. | ||
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
