> The CA operator is in a global region that cannot use the CCADB <https://trust.salesforce.com/blocked>, or is not capable of entering into a contractual agreement with a US-based <https://www.treasury.gov/resource-center/sanctions/Programs/Pages/Programs.aspx> company. Is this means US government can control whether any CA is in Mozilla root store?
> Mis-issued a large or unknown number of end-entity or intermediate certificates that they are not able to enumerate; I agree with Kurt Seifried, we can require CA to report all mis-issued cert to determine a baseline for current CAs. So we can have a better understand about mis-issurance. About network surveillance and cyber espionage, these need to be more specific. For example, police or other security agencies will use cameras to defend possible attacks. we could consult CA operators to have better understanding. 在2023年2月1日星期三 UTC+8 04:16:05<[email protected]> 写道: > All, > > I will greatly appreciate your feedback on the following new wiki page. > > https://wiki.mozilla.org/CA/Root_Inclusion_Considerations > > As you all know, sometimes we have very difficult decisions to make in > regards to new inclusion or continued inclusion of root certificates in > Mozilla's root store. With this new wiki page I am hoping to make such > difficult root inclusion decisions more deterministic. Hopefully it will > help the next time we have a difficult discussion about a CA who is > currently in Mozilla's program. And hopefully it will enable us to decline > root inclusion requests before we even get to the public discussion phase > when the CA has participated in unacceptable behavior or has a multitude of > concerning behaviors. > > Thanks in advance for your thoughtful and constructive consideration. > > Kathleen > > > > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/70ab298c-44db-4a8a-9b26-46cd32f3e6e7n%40mozilla.org.
