On Monday, 5 October 2015 at 19:36:03 UTC+2, Peter Kurrasch wrote:

> TL;DR... [...Peter and Ryan more than disagree...]
Please, stay cool, kiss each other.

> Let's consider a (hypothetical) situation where I'm a manufacturer of
> anti-lock braking systems that go into cars made by 5 different companies. If
> I need to update the controller software for thousands of cars already on the
> road, it can be a pretty complicated task but it would be good to know I at
> least have a straightforward means to do it. Viewing this as an ecosystem
> isn't all that great since I could have 5 (maybe more?) such ecosystems to
> deal with. Viewing this as an autonomous system gets complicated since there
> are other systems on the car that my anti-lock braking module needs to work
> with and there's no clear delineation to be made.
>
> How the auto industry should solve a problem like this is not for me to say.
> In fact I would suggest it's the height of arrogance for anyone in this forum
> to dictate the ways in which these manufacturers may solve problems. My
> contention is that we should allow viable solutions to remain viable, and a
> Mozilla-maintained trust store is a component of one possible solution.

In that case, the car manufacturer cannot trust ANY controller software update signed by a CA linked to the Mozilla trust store. This software update must originate from the anti-lock braking manufacturer only. Mozilla doesn't play any role here (Microsoft or any other third party either); the authenticity and integrity of the software update doesn't necessarily involve an asymmetric signature, and the binding between the signer's identity and its key doesn't need to be an X.509 certificate (the automotive industry is currently defining at least 2 certificate formats, and at least 2 different PKI models, one for the US and one for the EU). This is not representative of what a Mozilla-operated trust store can play a role in. I appreciate the public reviews, public announcements, public disclosure, etc., as Mozilla runs its program.
I hope this hypothetical car manufacturer will take similar measures to ensure everything's going right. But all this is time consuming, and if there's no benefit for Mozilla or Mozilla's users, why should it be Mozilla's burden?

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
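The point made above, that a controller should accept an update only from the braking-system vendor's own pinned key and that this need not involve an asymmetric signature or an X.509 certificate, can be illustrated with a small verifier. This is an added example, not code from the thread or from any vehicle vendor; the package format (`ABSU` magic, version, length, HMAC-SHA256 tag), the key names and the demo keys are all constructed here for illustration. Authentication uses a single vendor-pinned symmetric key, so no browser-style trust store is consulted at all, and the version check refuses rollback to an older image.

```python
import hashlib
import hmac
import struct

# Constructed demo keys. In a real controller the vendor-pinned key lives in
# protected storage and is never shared with any CA or third party.
ABS_VENDOR_KEY = hashlib.sha256(b"demo-abs-vendor-key").digest()
OTHER_VENDOR_KEY = hashlib.sha256(b"demo-some-other-vendor-key").digest()

# Hypothetical package layout: header (magic, version, payload length),
# payload, then a 32-byte HMAC-SHA256 tag over header + payload.
MAGIC = b"ABSU"
HEADER_FMT = ">4sII"
HEADER_LEN = struct.calcsize(HEADER_FMT)
TAG_LEN = 32


def build_update(key: bytes, version: int, payload: bytes) -> bytes:
    """Vendor side: wrap a firmware payload and authenticate it with the key."""
    header = struct.pack(HEADER_FMT, MAGIC, version, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def verify_update(package: bytes, pinned_key: bytes, installed_version: int):
    """Controller side: return (ok, reason, payload).

    Only the pinned vendor key decides authenticity; there is no certificate
    chain and no external trust store involved.
    """
    if len(package) < HEADER_LEN + TAG_LEN:
        return False, "truncated package", None
    header = package[:HEADER_LEN]
    magic, version, length = struct.unpack(HEADER_FMT, header)
    if magic != MAGIC:
        return False, "bad magic", None
    body_end = HEADER_LEN + length
    if len(package) != body_end + TAG_LEN:
        return False, "length mismatch", None
    payload = package[HEADER_LEN:body_end]
    tag = package[body_end:]
    expected = hmac.new(pinned_key, header + payload, hashlib.sha256).digest()
    # Authenticate before applying any policy; constant-time comparison.
    if not hmac.compare_digest(tag, expected):
        return False, "authentication failed: not from the pinned vendor key", None
    # Anti-rollback: an authentic but older image is still refused.
    if version <= installed_version:
        return False, "rollback refused", None
    return True, "ok", payload


if __name__ == "__main__":
    genuine = build_update(ABS_VENDOR_KEY, 2, b"firmware-v2")
    forged = build_update(OTHER_VENDOR_KEY, 2, b"firmware-v2")
    print(verify_update(genuine, ABS_VENDOR_KEY, 1)[:2])
    print(verify_update(forged, ABS_VENDOR_KEY, 1)[:2])
```

A package built under any other key, including one that some public CA would happily vouch for, fails at the HMAC check, which is exactly the property the controller wants; whether the vendor later chooses a signature scheme and one of the automotive certificate formats mentioned above changes the primitive, not the trust decision.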

