I understand that. Perhaps we could use "with a US-based or EU-based company." to address neutrality or it is impossible in legal?
在2023年2月2日星期四 UTC+8 01:18:15<[email protected]> 写道: > On Wed, Feb 1, 2023 at 9:42 AM John Han (hanyuwei70) <[email protected]> > wrote: > >> > The CA operator is in a global region that cannot use the CCADB >> <https://trust.salesforce.com/blocked>, or is not capable of entering >> into a contractual agreement with a US-based >> <https://www.treasury.gov/resource-center/sanctions/Programs/Pages/Programs.aspx> >> >> company. >> Is this means US government can control whether any CA is in Mozilla >> root store? >> > > I would assume if they are listed on > https://sanctionssearch.ofac.treas.gov/ for example then yes, Mozilla and > friends can't be doing business with them (and putting them into the root > CA ... yow). I'm trying to think of a legitimate corner case where a > company can't do business with a US entity legally but is still somehow > trustworthy enough to be a root CA, and nothing comes to mind. > > -- > Kurt Seifried (He/Him) > [email protected] > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/5f1a1eca-e4c4-420a-829c-21ca3d62752dn%40mozilla.org.
