Is the belief then that they are added, but then never maintained, and therefore browsers should intervene and prevent their addition?
How is that different from some industry sector requiring a piece of third-party software that is never updated?

That is, as Martin said, it seems that the concern you’re raising is one of a lack of update/maintenance. The clarification suggests it’s not a lack of browser/OS maintenance, but maintenance by the local user/organization administrator. However, at that point, what makes 25 years better than 100 years? Both seem unacceptably long? What is the frequency at which an organization should review any roots it has added, if software was going to be prescriptive about local configuration? It would seem to be on the order of months, not years.

On Tue, Oct 12, 2021 at 4:55 AM Peter Gutmann <[email protected]> wrote:

> Martin Thomson <[email protected]> writes:
>
> >Can you say more about this? Are you concerned that people are not getting
> >updates to their trust anchors?
>
> These are CAs (or more accurately TAs) added directly to the trust store by
> private organisations serving, for example, a particular sector of industry,
> they're not audited by anyone. So the TA will be active forever, or at least
> for one to two hundred years depending on what the certificate says unless the
> browsers actually enforce an upper limit.
>
> Peter.
