On Mon, Mar 4, 2019 at 11:03 AM Matthew Hardeman <mharde...@gmail.com> wrote:
> > > On Sun, Mar 3, 2019 at 6:13 PM Ryan Sleevi <r...@sleevi.com> wrote: > >> >> It is not clear how this follows. As my previous messages tried to >> capture, the program is, and has always been, inherently subjective and >> precisely designed to support discretionary decisions. These do not seem to >> inherently conflict with or contradict transparency. >> >> Even setting aside the examples of inclusions - ones which were designed >> to be based on a communal evaluation of risks and benefits - one can look >> at the fact that every violation of the program rules and guidelines has >> not resulted in CAs being immediately removed. Every aspect of the program, >> including the audits, is discretionary in nature. >> >> It would be useful to understand where and how you see the conflict, >> though. >> > > I think my disconnect arises in as far as that for the period of time in > which I've tracked the program and this group, I can not recall use of > subjective discretion to deny admission to the program. Any use of a > subjective basis as the lead cause for not including Dark Matter would, to > my admittedly limited time-window of observation in this area, be new > territory. > Thanks for clarifying! I think you're absolutely correct, which is that for a number of years, the program strictly acted based on a rules-based testing: if you met a series of criteria, which were believed to be objective, then you'd be admitted into the program, even when there were concerns and objections. In my previous message, I tried to highlight how the original design of the program itself was meant to encourage more consideration than merely that rules-based testing, by highlighting some of the early discussions and Frank's goals. I also tried to provide examples of threads where past Mozillan Module Peers or Owners argued in favor of just that - treating it as a rule-based mechanism - in the hope of providing objective consistency. However, I also tried to highlight how that the assumption that the existing "checklist" approach is objective is a flawed assumption - it's actually resting on a host of subjective elements. I also tried to highlight how the dogmatic checklist approach has, in turn, left users at risk, and that CA removals are, to some extent, fundamentally subjective - since we aren't removing every CA for the most minor infraction, and even CAs with major infractions have still undergone some discussion. There was certainly a lot more to say - I ended up cutting several more pages of discussions and references around audits and root program goals. I did try to highlight, but perhaps insufficiently, that considering more factors than just the list-checking was both permitted in the current policy and anticipated from the beginning of the policy. The items that are checklists - such as audits - were merely seen as a short-hand way for Mozilla (and the community) to obtain some degree of assurance that CAs did what they say. In doing so, I was trying to highlight how the past several years have shown structural deficiencies from over-reliance on audits to achieve such a goal, while also trying to briefly highlight that audits - or at least, the audits we use today - fundamentally weren't meant to be used in a list-checking way that they were being used. Wayne's initial message here is, I think, trying to address the transparency concern, which is why I struggled to see the conflict that I understood you to be referencing. One can be transparent, while also considering more than just checkboxes, and I think this discussion is trying to ensure that transparency and community feedback. I think there are a couple of core questions, and differences in how these are answered may perhaps explain some of your discontent: 1) Would denying Dark Matter represent a fundamental change in the Root Store Policy, or is it consistent with the existing policy? 2) If it does represent a change, should Dark Matter be accepted under the old policy, or (possibly) rejected under some new policy that might emerge? 3) If Dark Matter was rejected, would the basis for the rejection be something objective (e.g. perhaps some definition of 'credible' reports from 'credible' news agencies linking the organization to certain 'objectionable' behaviours, for some value of 'credible' and 'objectionable') or would it be seen as something subjective? My previous response tried to capture that I think a decision would be consistent with existing policy (#1), and that the policy wholly allows for subjective evaluations (#3). The question that I left unanswered was #2 - but tried to highlight past cases and discussions for which CA inclusions were deferred until the development or resolution of fundamental policy questions, and that allows for either answer to #2. I can totally understand that, given past precedent, it may seem as if the answer to #1 is that this discussion does represent a meaningful change in policy, and that because of it, the answer to #2 may be to accept DM now, while debating what the answer for what #3 should be. Do you think that captures some of the disconnect you may be seeing? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
