On Fri, Oct 30, 2020 at 10:49 AM Bailey Basile via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:

> We specifically chose not to issue Apple certificates for these keys
> because we did not want users to have to trust only Apple's assertion that
> this key is for a third party.

I understand the goal of having an external CA certify the domain name of the data processing participants' certificate (and associated key), but... What UI experience makes any of this relevant to the user? Is there going to be a UI screen in the platform in which the user can view and/or choose what parties (presumably by domain name) they will be submitting data shares to? Will that UI be displaying any of the certificates, key hashes, or public keys involved?

I think domain validation for this kind of thing is pretty weak regardless. If Apple wanted to, they could just register super-trusted-data-process-namealike.com, get ISRG to issue a WebPKI cert for that and then incorporate that certificate in this scheme. DNS-based validations don't demonstrate that the target is truly independent of Apple.

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy