On 12/28/2008 02:46 PM, Ian G:
> 1. Certs: All end-users who rely on these certs will lose. That probably numbers in the millions. All subscribers will lose, probably in the thousands. The CA will lose; potentially it will lose its revenue stream, or have it sliced in half (say), which is what we would call in business circles a plausible bankruptcy event.
Not relevant.
> 2. Mozo: Mozilla will lose because of all the undelivered security (all those good certs and subscribers and end-users). It may be sued by the CA and the CA's investors and/or the receiver/liquidator for a bad decision.
I suggest you refrain from now on from giving legal advice on these matters; Mozilla has a legal department and lawyers for that. But if we are at it, Mozilla has no legal or any other requirement (as far as I know) to include or keep a root. The Mozilla CA Policy clearly reserves the right to remove any of the roots (including all of them) at any time. If this isn't the case we all should know about it. Additionally it's Mozilla which also has the right to sue the CA and not the other way around. Just for your knowledge, Microsoft and other vendors reserve the same right.
> 3. Industry: All other CAs will lose because they will now have to include in their business plans the possibility of a root being dropped by a bad decision.
Very good! Even though I'm not the proponent of the proposal to remove Comodo's root (instead work towards a real improvement, with the removal as a stick), this is exactly what possible removal should achieve. Keep CAs from making bad decisions. More than that, some CAs are at a disadvantage when competing with CAs which are willing to take high risks. This must be clearly recognized and I'm all in favor of having to compete on equal footing. This isn't the case today.
> 4. Security will go down, because less certs are delivered and in use. (It's hard to calculate the secondary losses here, but not impossible.)
That's easy to revert, I'm certain there are a bunch of CAs ready to issue new certs to them.
> 1. Against that you can weigh the damages done so far and the harm to protect against. We know it is down to 11 or so certs, all revoked.
That's absolutely not correct. Right now nobody knows - including Comodo - how many certs are really unvalidated because of the lack thereof. This is what I know at the moment and it would be good if Comodo could dispute that claim and advise differently or confirm it.
> 2. There is the possible benefit to the other CAs as a punishment tool, in the case where the decision is good (see 3. above). There could be a knock-on effect in convincing CAs to tighten their game.
Right! I'm all in favor of that, let's go for it!
> However, this needs to be balanced against other costs and loss of certs, and in practice, the dominant factor is this: more certs is more security, less certs is less security.
Less unvalidated certs is more security, not less. An unknown number of unvalidated certs is no security at all.
--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto