On Mon, May 18, 2015 at 9:15 PM, Matt Palmer <mpal...@hezmatt.org> wrote:
>
> I disagree that "we, the browsers and standards bodies of the Internet"
> have very different leverage.  In either case, if a CA misbehaves, their
> root certs can be pulled from the trust store (or otherwise neutered).  That
> doesn't change because the CA is run by a corporation or a government.
>

Except that corporations and governments have totally different options
available as responses to this threat. A government without a trusted CA
has many paths to ensuring its root certificate appears on the browsers
and/or OSes of computers in its country.

There are also multiple trusted root programs, and a government can mandate
the use of the one that works with them most collaboratively.

A government may also view the removal of their root certificate as less
severe than a corporation would. For a commercial CA, the removal of their
root certificate is death (at least to their certificate business). For a
government, it may be only an inconvenience, and may not lead to the
shutdown of any operation depending on it. There are no market forces with
governments.

A commercial CA caught betraying sites or users may be abandoned by the
market, or its owners sued or even imprisoned. A government CA caught doing
something similar is unlikely to be held to the same account.

You're right, there *is* leverage. The nature and strength of that leverage
is different.

-- Eric


> > > By contrast, to constrain a government to its own properties (e.g.
> > > gov.in or .gov) doesn't advance a geographic boundary, but an
> > > organizational boundary.
> >
> > The position that constraining e.g. the Government of India to .in is
> > bad but to gov.in is OK is an interesting one. I didn't expect anyone to
> > make that argument.
>
> It's a perfectly reasonable one, assuming that gov.in is, in fact,
> reserved for an identifiable entity.  If an entity can demonstrate that
> they have authority (not just *control*, as in a registrar, but
> *authority* to do with it entirely as they see fit) over a namespace, they
> should be allowed to do whatever they want within that namespace.  It's no
> different than giving the entity that has authority over example.com a
> constrained CA certificate over that name.
>
> - Matt
>
> --
> Yes, Java is so bulletproofed that to a C programmer it feels like being in
> a straightjacket, but it's a really comfy and warm straightjacket, and the
> world would be a safer place if everyone was straightjacketed most of the
> time.           -- Mark 'Kamikaze' Hughes
>
> _______________________________________________
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
>



-- 
konklone.com | @konklone <https://twitter.com/konklone>
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
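The "constrained CA certificate over that name" mechanism that the quoted
discussion relies on is the X.509 Name Constraints extension (RFC 5280
section 4.2.1.10): the root carries a list of permitted DNS suffixes, and a
relying party rejects any leaf whose subject alternative names fall outside
them, regardless of what the CA chose to sign. The following is an added
example written for this page, not code from the thread or from Mozilla; it
uses only Go's standard crypto/x509 package, and the CA names, key type and
hostnames ("gov.in", "portal.gov.in", "bank.example.in") are constructed
for illustration. It builds a toy root constrained to gov.in, has it sign
one name inside and one name outside that namespace, and runs the same
chain verification a client would to show that the out-of-namespace
certificate is rejected with the name-constraint reason even though the
signature is valid.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// newKey generates a P-256 key for the toy CA and leaf certificates.
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// ConstrainedRoot builds a self-signed CA whose (critical) Name Constraints
// extension permits only DNS names equal to, or below, the given suffixes.
// "gov.in" therefore covers gov.in and portal.gov.in but not example.in.
func ConstrainedRoot(permitted []string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := newKey()
	tmpl := &x509.Certificate{
		SerialNumber:                big.NewInt(1),
		Subject:                     pkix.Name{CommonName: "Hypothetical Government Root CA"}, // constructed name
		NotBefore:                   time.Now().Add(-time.Hour),
		NotAfter:                    time.Now().Add(24 * time.Hour),
		IsCA:                        true,
		BasicConstraintsValid:       true,
		KeyUsage:                    x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		PermittedDNSDomainsCritical: true,
		PermittedDNSDomains:         permitted,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// IssueLeaf has the CA sign a server certificate for one DNS name. Note that
// the CA will sign any name it is asked to: the constraint is enforced by the
// relying party during verification, not by the issuing code.
func IssueLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, dnsName string) *x509.Certificate {
	key := newKey()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: dnsName},
		DNSNames:     []string{dnsName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// VerifyFor performs the chain validation a TLS client would, trusting only
// the constrained root. It returns nil when the leaf is accepted for dnsName.
func VerifyFor(root, leaf *x509.Certificate, dnsName string) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     pool,
		DNSName:   dnsName,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// NameConstraintViolated reports whether err is the "CA not authorized for
// this name" rejection specifically, rather than some other chain failure.
// The message check is a fallback in case the reason is wrapped inside an
// UnknownAuthorityError rather than returned as the CertificateInvalidError.
func NameConstraintViolated(err error) bool {
	var inv x509.CertificateInvalidError
	if errors.As(err, &inv) {
		return inv.Reason == x509.CANotAuthorizedForThisName
	}
	return err != nil && strings.Contains(err.Error(), "not authorized to sign for this name")
}

func main() {
	root, key := ConstrainedRoot([]string{"gov.in"})
	for _, name := range []string{"portal.gov.in", "bank.example.in"} {
		leaf := IssueLeaf(root, key, name)
		fmt.Printf("%-16s -> %v\n", name, VerifyFor(root, leaf, name))
	}
}
```

The point a practitioner should take from this is that the constraint lives
in the root and is enforced by every verifier that honours the extension, so
a namespace-constrained government root added to a trust store cannot be
used to mis-issue for names outside that namespace even if the CA's signing
operation is compromised; the residual risk is clients that ignore a
critical Name Constraints extension, which is why the extension is marked
critical here.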
