Gervase Markham wrote:
Ian G wrote:
A worthy question. The great value of the
'show the CA brand on the chrome' is that it
takes Mozilla out of the judgement game and
into the tools game.
That's why showing the CA brand in the chrome, or something like
TrustBar is great for Ian Grigg, and terrible for my grandmother. You
want tools - and I quite understand that. My grandmother doesn't want
tools to assess her level of risk, she wants to be safe.
As a consumer browser, we have to be in the judgement game. We already
are - we select CAs.
Yes, at the moment, that is the case. But there
are some ramifications to that.
There is no judgement without liability, and in
the US, no liability without being sued. How much
money has Mozilla Foundation got?
The problem is not so much whether this is fair or
not, but whether Mozilla can survive being hit with
a case. If it can - if it has deep pockets and/or
pro bono on tap - then maybe this is a workable
strategy. (Microsoft gets to play that game, and in
fact it is the all time favourite of the attornies
in the US.) If not, then Mozilla is hoping that one
of the class action plays does not include it for
tactical reasons.
(It's all tactical, it's nothing to do with justice.)
In normal commercial markets, if you are making a
judgement for someone, you take money for it, and
get insurance and so forth. Normally if something
is given away for free, there is a disclaimer that
says "we are not responsible" and "you can't sue
us" and so forth.
But with the root list, that doesn't work. MoFo
is explicitly saying "trust this root list..." MoFo
had better hope that your grandmother doesn't lose
her house.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
