On 08/11/2016 19:08, Gervase Markham wrote:
> On 08/11/16 16:28, [email protected] wrote:
>> Is it your intent that once OneCRL-revoked intermediates are brought
>> into compliance that they'd be removed from OneCRL, or are they gone
>> for good, a warning sign to those who follow.
>
> TBD. I'm enquiring about whether it's possible to remove certs and, if
> it is, what lingering effects (if any) that might have.
>
>> PS: Maybe it'd be good to use a source of randomness that is not from
>> the UK government.
>
> If someone can predict the lottery numbers, I suspect they would put
> that power to a different use than deciding which intermediate
> certificates Mozilla should distrust.


However because all the sources are from a single entity (the UK
government), that entity could manipulate the results, thus falsifying
the provable randomness of the process.

Note that unlike a 3rd party predicting lottery numbers, the lottery
itself has limited alternative benefit (and no direct downside) to
fiddling its own outcome, as long as no one finds out they did it.

Thus to get this provable randomness, perhaps use lottery numbers from
3 trustworthy lotteries in 3 different parts of the world (who don't
have a "special relationship" in such matters).  For example:

1. One of those UK lotteries

2. A Russian state lottery, if any exist.

3. A Chinese state lottery, if any exist

4. A Japanese state lottery, if one of the above doesn't exist.

Also, define the action time in UTC, not UK local time, e.g. 12:00 noon
UTC.

P.S.

I am aware of the current zero-difference between UK local time and
UTC, but this was not so just 10 days ago.


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy