On Friday, 4 November 2016 19:37:07 UTC, Jeremy Rowley  wrote:
> We also like the public disclosures CT requires as it's been essential in 
> identifying issuing CAs and non-compliances.  That's probably not a surprise 
> as we've always strongly supported CT. I do see the need for name redaction 
> though as lots of the certificates are issued to individuals, and the 
> European government freaks out whenever there is the potential disclosure of 
> PII.

Unlike with DNS names / IP addresses in the Web PKI, I could still be persuaded 
that redacting personal information about individual human subscribers would 
make sense.

Nevertheless I think it's valuable to understand that European regulations in 
this area ("Data Protection" is the usual English term) are not intended to 
altogether prohibit the disclosure of PII. The regulations are instead focused 
on ensuring that subjects know what is held about them, that they're told how 
it will be used and why, that the data used is adequate yet not excessive for 
that purpose, and that they can get any mistakes fixed.

So Data Protection could permit unredacted CT logging if it served some 
legitimate purpose, particularly one that's in the subject's best interest such 
as deterring identity fraud or protecting the integrity of the certificate 
ecosystem they're using, and if subscribers were told about this before they 
request the certificate.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy