On Thu, May 26, 2016 at 12:23 PM, Ryan Sleevi <[email protected]> wrote:
> On Thu, May 26, 2016 at 7:40 AM, Peter Kurrasch <[email protected]> wrote:
> > My suggestion is to frame the issue as: What is reasonable to expect of a
> > CA if somebody sees bad stuff going on? How should CA's be notified? What
> > sort of a response is warranted and in what timeframe? What guidelines
> > should CA's use when determining what their response should be?
> >
> > All of this is worthy of discussion, but it's gonna get complicated.
>
> With all due respect, a number of the items on your list are
> orthogonal to certificates - they're a discussion about "bad" things
> you can do if "encryption" is possible / if "privacy" is possible. I
> don't think it's ignorance about how encryption can be used to do bad
> things, it's a valuation that the *good* things
> encryption/confidentiality/integrity enable far outweigh the bad. We
> saw this in the First Crypto Wars, and we're seeing this now, arguably
> the Second Crypto Wars.
>
> You haven't actually addressed how or why CAs have a role to play here
> - it's presented as a given. You recognize there's nuance about
> expectations, which is an open question, but you're ignoring the more
> fundamental question - do CAs have a role to play in *preventing*
> encryption, or is the only role they have to *enable* encryption.
>
> While not speaking for Mozilla, I think the unquestionable desire from
> some here is to find ways to increase encryption, but not to introduce
> ways to prevent encryption - whether through means of policy or
> technology.

What has encryption got to do with it?

The reason the WebPKI exists is for authentication. Encryption is a secondary concern that is only required because the credit card protocols are lame and people use passwords for authentication, which is also lame.

The WebPKI model was two stage. First we make it difficult for people to gain unlimited numbers of credentials. There is a cost to acquire a certificate that is (hopefully) low for a legitimate user but makes it uneconomic for a criminal to treat them as disposable.

The second stage is revocation of credentials when the holders do bad things, such as running a phishing site, signing malware, or the type of thing listed above.

The design brief was to make electronic commerce possible. That is why the system is designed the way it is. In particular, the threshold requirement was to make online shopping 'as safe' for the consumer as bricks and mortar stores or traditional MOTO transactions.

Now the problem here is that there are also folk who just want to turn on encryption and that is all, and they don't care about doing online commerce or banking. They just want to keep their email secret. And that is fine.

But that does not mean that people who only want to do confidentiality should rip up the infrastructure that is designed to serve a different purpose.

