On Thursday, 17 November 2016 19:28:54 UTC, Brian Smith wrote:
> Let's say I screw up something and accidentally issue a certificate from my
> sub-CA for google.com or addons.mozilla.org. Because of the name
> constraints, this is a non-issue and shouldn't result in any sanctions on
> the original root CA or Example Corp.

Signifies incompetence. This CA as operated is untrustworthy due to incompetence; the root CA should decide whether corrective action by Example Corp is possible and appropriate, or revoke the sub-CA. Trust stores should oversee the CA investigation and, if it is inadequate, consider sanctions.

> Let's say I issue a SHA-1-signed certificate for
> credit-card-readers.example.com. Again, that's 100% OK, if unfortunate,
> because after 2017-1-1 one shouldn't be using Mozilla's trust store in a
> web browser or similar consumer product if they accept SHA-1-signed
> certificates.

Once again, incompetence.

There's a recurring pattern in most of the examples. A technical counter-measure would be possible, therefore you suppose it's OK to screw up and the counter-measure saves us. I believe this is the wrong attitude. These counter-measures are defence in depth. We need this defence because people will screw up, but that doesn't make screwing up OK.

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
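The name-constraint defence the quoted scenario relies on, shown as an added example that is not code from this thread: a Go program using only the standard crypto/x509 package builds a root, an "Example Corp" sub-CA whose permittedSubtrees allow only example.com, and a leaf for a given DNS name, then runs path validation. All names, serials and keys are constructed for the example; a leaf for www.example.com chains, while one for google.com is rejected with CANotAuthorizedForThisName, which is exactly the defence-in-depth layer the reply is discussing.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// mint generates a P-256 key for tmpl and has parentKey sign it (self-signed when parent is nil).
func mint(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { panic(err) }
	if parent == nil { parent, parentKey = tmpl, key }
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil { panic(err) }
	cert, err := x509.ParseCertificate(der)
	if err != nil { panic(err) }
	return cert, key
}

// caTemplate is a minimal CA template valid for two hours around now (constructed for this example).
func caTemplate(serial int64, cn string) *x509.Certificate {
	return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
}

// VerifyUnderConstrainedSubCA builds root -> sub-CA (permittedSubtrees DNS: example.com) -> leaf
// for dnsName and returns the path-validation error: nil means the leaf chains; a
// CertificateInvalidError (reason CANotAuthorizedForThisName) means the constraints blocked it.
func VerifyUnderConstrainedSubCA(dnsName string) error {
	root, rootKey := mint(caTemplate(1, "Example Root"), nil, nil)
	subTmpl := caTemplate(2, "Example Corp Sub-CA")
	subTmpl.PermittedDNSDomainsCritical = true // RFC 5280 requires the extension to be critical
	subTmpl.PermittedDNSDomains = []string{"example.com"}
	sub, subKey := mint(subTmpl, root, rootKey)
	leafTmpl := caTemplate(3, dnsName) // reuse the validity window, then make it an end-entity cert
	leafTmpl.IsCA, leafTmpl.KeyUsage = false, x509.KeyUsageDigitalSignature
	leafTmpl.DNSNames, leafTmpl.ExtKeyUsage = []string{dnsName}, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	leaf, _ := mint(leafTmpl, sub, subKey)
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root); inters.AddCert(sub)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters})
	return err
}
```

Note that this only holds for validators that enforce name constraints; the reply's point is that the mis-issuance is still a process failure even when such a validator catches it.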

