Am Dienstag, 22. März 2011 21:08:31 schrieb Thomas Jost: > So this is really nothing new. And the issue is certainly not specific > to Microsoft, it's really about trust in the CAs whose certificates are > bundled with every browser
Also, any company operating in a country is to be expected to abide to the laws of that country. Almost all countries have laws that include special exceptions for surveillance in case of law enforcement or "secret" services. If a company does not follow these laws, you have "the X breaks the law" discussion as well. So it is a difficult question. Overall I believe companies should care more and refuse to just help country "officials" when they act against very commonly accepted human rights, for example not providing a fair trail. As for the CA safety: This is an important issue. I think two things should happen: We need an initiative to evaluate root CAs and publish lists. Also I think we should create a Free Software certificate checker that also uses these list, e.g. something like Gpg4win (I am one of the makers of Gpg4win). More evaluations of implementations would also be useful and the ability of browser to compare the last end certificate they saw. Best, Bernhard -- FSFE -- Deputy Coordinator Germany (fsfeurope.org) Your donation makes our work possible: www.fsfeurope.org/help/donate.en.html
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Discussion mailing list [email protected] https://mail.fsfeurope.org/mailman/listinfo/discussion
