Hi Nick,
I want to thank you for bringing this up, because we always seem to have
the same kind of discussions after something has happened. Ryan's mail has a
bunch of other suggestions for what we can do.
> 1. Implement "Require SCTs" for problematic CAs.

Is there a reason we don't require publishing everything in CT logs? I
think publishing in a CT log can be relatively simple; embedding SCTs in the
certificate might require more work. We should probably push for
everybody to at least have the ability to embed SCTs.
> 2. Create "at risk" category for problematic CAs which lasts some finite period
> of time

Could we maybe combine this with UI changes?
> Finally, I would like to mention, though I expect it to be shot down, a much
> more radical way forward. RP audits. Relying Party audits.

I think an alternative is that we change the requirements for what the
current auditors all have to check. I understand that the reason they
don't check more is that it would require more time (and money) to do
the yearly audits.

It might also be useful to have requirements for what should be
in the audit report.
Kurt
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy