On Fri, Oct 30, 2020 at 10:49 AM Bailey Basile via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

> We specifically chose not to issue Apple certificates for these keys
> because we did not want users to have to trust only Apple's assertion that
> this key is for a third party.

I understand the goal of having an external CA certify the domain name of
the data processing participants' certificate (and associated key), but...
What UI experience makes any of this relevant to the user?  Is there going
to be a UI screen in the platform in which the user can view and/or choose
what parties (presumably by domain name) they will be submitting data
shares to?  Will that UI be displaying any of the certificates, key hashes,
or public keys involved?

I think domain validation for this kind of thing is pretty weak
regardless.  If Apple wanted to, they could just register
super-trusted-data-process-namealike.com, get ISRG to issue a WebPKI cert
for that and then incorporate that certificate in this scheme.  DNS based
validations don't demonstrate that the target is truly independent of Apple.