On Wed, Feb 8, 2023 at 1:42 PM Kathleen Wilson <[email protected]> wrote:
> I appreciate your patience and continued feedback as we work together to
> get this all correct and usable.
>
> https://wiki.mozilla.org/CA/Root_Inclusion_Considerations
>
> I have incorporated recent feedback as follows.
>
> - Changed “network surveillance…” to:
> network surveillance
> <https://en.wikipedia.org/wiki/Computer_and_network_surveillance#Network_surveillance>
> that intercepts/manipulates traffic or collects private information about a
> person or organization and sends it to another entity without the
> permission of the person or organization, or in a way that endangers the
> privacy or device security of the person or organization
>

Another wrinkle that just came up: In the ATOS root certificate discussion it turns out ATOS also makes a Data Loss Prevention (DLP) product, so obviously having a root cert to MitM that would be hugely helpful, and probably not something we want to be done with root certificates.

Maybe adding some language around "if digital certificates are issued for domains the issuer MUST establish control/consent with the owner/controller of the domain" which would basically negate the whole man-in-the-middle (MitM) usage of these certificates even in "legitimate" products.

--
Kurt Seifried (He/Him)
[email protected]
