On Monday, 3 April 2017 23:34:44 UTC+1, Peter Kurrasch wrote:
> I must be missing something still? The implication here is that a purchaser 
> who is not yet part of the root program is permitted to take possession of 
> the root cert private key and possibly the physical space, key personnel, 
> networking infrastructure, revocation systems, and responsibility for 
> subordinates without having first demonstrated any competence at running a 
> CA organization.

This appears to me to simply be a fact, not a policy.

Suppose Honest Achmed's used car business has got him into serious debt. Facing 
bankruptcy, Achmed is ordered by a court to immediately sell the CA to another 
company Rich & Dick LLC, which has never historically operated a CA but has 
made informal offers previously.

Now, Mozilla could say, OK, if that happens we'll immediately distrust the 
root. But to what end? This massively inconveniences everybody, there's no 
upside except that in the hypothetical scenario where Rich & Dick are bad guys 
the end users are protected (eventually, as distrust trickles out into the 
wild) from bad issuances they might make. But a single such issuance would 
trigger that distrust already under the policy as written and we have no reason 
to suppose they're bad guys.

On the other hand, if Rich & Dick are actually an honest outfit, the policy as 
written lets them talk to Mozilla, make representations to m.d.s.policy and get 
themselves trusted, leaving the existing Honest Achmed subscribers with working 
certificates while everything is straightened out, all Rich & Dick need to do 
is leave issuance switched off while they reach an agreement.

Because continuing trust is always at Mozilla's discretion, if something truly 
egregious happened (e.g. Achmed's CA is declared bankrupt, a San Francisco 
start-up with four employees and $6Bn of capital buys their hardware for 
pennies on the dollar and announces it'll be issuing free MITM SSL certificates 
starting Monday morning) then Mozilla is still free to take extraordinary 
action and distrust Achmed's root immediately without waiting until Monday 
morning.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
