Correct me if I'm wrong, but AFAIK all the main participants that consume what the CCADB creates are US-based (Mozilla/Microsoft/Google/Apple/Oracle/Adobe).
Also if you really want "neutrality" then you'll need to define what you mean exactly. And probably include Africa, Asia and South America at a minimum. I don't think this makes any sense.

On Wed, Feb 1, 2023 at 11:12 AM John Han (hanyuwei70) <[email protected]> wrote:

> I understand that. Perhaps we could use "with a US-based or EU-based
> company." to address neutrality, or is that legally impossible?
>
> On Thursday, February 2, 2023 at 01:18:15 UTC+8, <[email protected]> wrote:
>
>> On Wed, Feb 1, 2023 at 9:42 AM John Han (hanyuwei70) <[email protected]>
>> wrote:
>>
>>> > The CA operator is in a global region that cannot use the CCADB
>>> <https://trust.salesforce.com/blocked>, or is not capable of entering
>>> into a contractual agreement with a US-based
>>> <https://www.treasury.gov/resource-center/sanctions/Programs/Pages/Programs.aspx>
>>> company.
>>> Does this mean the US government can control whether any CA is in the
>>> Mozilla root store?
>>>
>>
>> I would assume if they are listed on
>> https://sanctionssearch.ofac.treas.gov/ for example then yes, Mozilla
>> and friends can't be doing business with them (and putting them into the
>> root CA ... yow). I'm trying to think of a legitimate corner case where a
>> company can't do business with a US entity legally but is still somehow
>> trustworthy enough to be a root CA, and nothing comes to mind.
>>
>> --
>> Kurt Seifried (He/Him)
>> [email protected]
>>
>

--
Kurt Seifried (He/Him)
[email protected]
