On Thursday, March 7, 2019 at 1:27:42 PM UTC-5, Kristian Fiskerstrand wrote: > On 3/7/19 6:59 PM, Jaime Hablutzel via dev-security-policy wrote: > > So the following holds true and (from my point of view) very critical > > indeed. Quoting Benjamin Gabriel: > > > >> ...that sovereign nations have the fundamental right to provide > >> digital services to their own citizens, utilizing their own > >> national root, without being held hostage by a provider situated in > >> another nation. You should note that DarkMatter's request is also > >> for the inclusion of UAE's national root > > I would question the assertion of any "fundamental right" of a sovereign > nation in this context; But sidestepping that there are still > alternative ways to achieve it than exposing all users globally to risk; > E.g nothing would stop a local linux distribution, or a localized > Microsoft product version, from including the root,
This wouldn't help UAE's companies providing their services abroad. > or the user to > install it locally by choice, This is a burden for end users. > as its citizens are more likely to accept > the local laws as they are governed by them already. > > Trust is ultimately a subjective consideration, and no list of > requirement can ever be the full set of requirement, as any system based > on such a method can and will be gamed. > > -- > Kristian Fiskerstrand > OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net > fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
