Re: [FORGED] Re: SSL Certs for Malicious Websites
On 27/05/16 13:20, Peter Gutmann wrote: > Apart from the lucky CAs who have been given government- > mandated monopolies, would any CA still exist today if there weren't a need to > pay someone to turn off the browser warnings? It depends what alternative configuration-free idiot-proof secure communications technology you have invented in your fantasy world to take its place. Whatever the disadvantages of the current system, it must be recognised that it provides the ability for every single Internet user to have their communications with any website that opts-in encrypted on the wire without them having to do, know or configure _anything_. That's huge. Gerv ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Job: Is it OK to post a job listing in this forum?
I'm opposed to allowing job postings in this forum. The focus should be policy as that is the reason we have gathered here. Job postings generally are intended for people in a particular country with a particular level of experience who are actively seeking or receptive to a new job. Sending out off-topic messages that are intended for a subset of a subset of a subset of people here sounds like spam to me. Original Message From: Kathleen Wilson Sent: Thursday, May 26, 2016 5:17 PM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Job: Is it OK to post a job listing in this forum? Hi All, I have been asked if it is OK to post job listings in mozilla.dev.security.policy. Surprisingly, I don't recall ever being asked that question before, and I am not aware of a written policy about the content of postings to mozilla.dev.security.policy. So, here is a proposal: ~~ Jobs may be posted if they meet the following criteria: * The company/organization name is clearly listed * The person posting the job information actually works for that company/organization and is not a contracted recruiter * A single posting only (for each job opportunity) * The person posting the job info is actively engaged in this mozilla.dev.security.policy forum * The job opportunity is a role relevant to the forum's audience * The posting consists of a paragraph outline and a "read more" URL * The Subject of the posting begins with "Job: " ~~ Does that sound reasonable? As always, I will appreciate thoughtful and constructive input. Thanks, Kathleen ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
RE: [FORGED] Re: SSL Certs for Malicious Websites
Ryan Sleeviwrites: >This seems both off-topic and not productively addressing the topic at hand. Yeah, maybe it's best taken to another list like cypherpunks or the crypto list. It was intended as an honest, and probably pretty blunt, assessment of the state of HTTPS: It was introduced to build consumer, and merchant, confidence in using the Internet for business, killing the competing SET in the process, and it's succeeded in doing that. Once that was done, which happened about 15-20 years ago, its main role became perpetuating the existence of CAs. Apart from the lucky CAs who have been given government- mandated monopolies, would any CA still exist today if there weren't a need to pay someone to turn off the browser warnings? Peter ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Job: Is it OK to post a job listing in this forum?
On 27/05/16 04:09, David E. Ross wrote: > I would have several concerns, mostly about Mozilla's ability to verify > the criteria are met and the effort to do that verification. For > example, how would anyone here verify the following? This is partly why there is an important criterion that jobs only be posted by people who are already active forum participants. If jobs can only be posted by people we know, we hope that will avoid the "gaming of the rules" scenarios. > If this is a valid use of news.mozilla.org, then perhaps a new MODERATED > newsgroup would be appropriate. However, that would still require > assigning staff to moderate and monitor the postings, for which there > would be a cost. There is already a mozilla.jobs forum; however, the traffic is near-zero and I suspect few if any members of this forum are also members there, so posting there would be pointless. If having a separate forum has not worked in practice, I think it's reasonable to try the integrated approach if we can make sure we don't get the more obvious forms of abuse, at least. Gerv ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy