* whatever the legislation of a sovereign state it can hardly be a browser's
remit to govern the state's citizen by hard coding a block, preventing those
not participating in this panel discussion to install the certificate(s) if
they would desire to do so (for whatever reason that may be and that may seem
inexplicable/controversial to anyone petitioning for a hard coded block)
* whether the relatively few opinions, compared to the electorate of a state,
in this panel discussion are (a) representative (majority) of said electorate
is debatable
* if this becomes a test case for defying the legislation of a sovereign state
and a hard coded block is elected then it will have to be replicated so without
bias for any other state that aspires a similar measure, regardless of such
state's state of domestic affairs. Else it would taint the renown instilled in
the trust lender (certificate store)
* are there any such petitions made to other vendors, or panel discussions held
with such vendors, that provide certificate stores, such as Google, Apple,
Microsoft?
* what would be the measurable impact in terms of users if only Mozilla
implements a hard coded block?
* and if this discussion is meant to put a spotlight on MitM (at least the the
topic's subject would imply as such and if not then please pardon/ignore the
digression) as well then perhaps consider that the majority of users is
blisfully unaware when their TLS connections are being termniated (decrypted)
midair whilst reaching a host that is being served through reverse proxy
providers (cue SNI). Here the remote host allows the reverse proxy to decrypt
the traffic at its edge server and thus all the traffic is accessible in the
clear to the reverse proxy provider (MitM). Whether the intentions of a reverse
proxy provider are more sublime than a state probably lies in the eye of the
beholder and likely vary as much.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
