* Frank Hecker:

> What you describe may be a problem in theory, but are there cases
> where it's proved to be a problem in practice? Certainly from the
> point of view of the Mozilla Foundation I find it very hard to
> imagine that any CA would seek to limit distribution of their root
> CA certs due to copyright or trademark issues; on the contrary,
> they're the ones asking us to include the certs.

But those who redistribute your software want some reassuring
statements, too.  (Debian has rather strict policies WRT licensing
for part of its archive, but this is the exception.)

> As for problems caused to typical Mozilla end users by CA legal
> agreements, again, what if any problems have actually occurred in
> practice?

IMHO, mandatory OCSP checks are an unacceptable privacy invasion.

> Hence in accordance with my previously-expressed opinions (see 4 of the 
> metapolicy, "The policy should focus on security risks associated with 
> CA certificate selection, not on legal risks."), I'm inclined to not 
> worry about this issue in version 1.0 of the CA certificate policy, 
> until/unless someone presents compelling arguments to the contrary.

This is probably reasonable.
_______________________________________________
mozilla-crypto mailing list
mozilla-crypto@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-crypto
