On Thu, Sep 10, 2015 at 05:54:22PM -0500, Peter Kurrasch wrote:
> It should be understood that code signing is very important in the
> embedded space--just ask Tesla or Jeep/Chrysler or Nest or other IoT
> product developers. If we accept that premise, the question immediately
> becomes: How do we put together a good code-signing system and how does
> (should?) Mozilla products factor in to that system?

Which embedded vendors are using the Mozilla root store to validate code signatures? Heck, which embedded vendors are using the X.509 PKI model of code signatures in their products?

> If the decision is made to remove the code signing trust bit it sends a
> message that Mozilla does not want to (and will not) participate in
> this space.

How so? Mozilla is sending a very clear signal that it wants to participate in the code signing space, by making all plugins be signed by Mozilla. What Mozilla is signalling with *this* proposed change is that Mozilla currently does not have robust policies around verifying the acceptability of root certificates for the purposes of code signing, and feels it would be better to stop pretending that they do.

> I think it would be a mistake to do so and that technology development
> would be worse off for it. (Probably even web and desktop app development
> would suffer.)

As the Wikipedians say, [citation needed]. In what plausible way will technology development be worse off because Mozilla stops saying, "these root certificates are trusted for code signing"?

- Matt

_______________________________________________
dev-security-policy mailing list
https://lists.mozilla.org/listinfo/dev-security-policy

