On 19/01/2018 11:09, Gervase Markham wrote:
On 19/01/18 01:05, Jakob Bohm wrote:
On 18/01/2018 11:01, Gervase Markham wrote:
On 17/01/18 19:49, Jakob Bohm wrote:
3. Major vertical CAs for high value business categories that issue
    publicly trusted certificates at better than EV level integrity.  For

How do you define "major"? And "high value business category"?

Major would be the biggest 1 to 3 of their kind, ignoring any covering
only a small fraction of the relevant web site/e-mail population even if
in the top 3.  Also any not doing this globally is not major.

I guess my question was ambiguous. Clearly it's very easy to come up
with arbitrary definitions for these things, but what's the rationale?
Why 1-3? Why not 1-8?


My suggestions are only meant to inspire formal rules written / chosen
by module leaders such as you.

Point of this is to avoid a bloated situation with 50+ financial
industry specific CAs and 50+ medical profession CAs etc.  This would
generally be for single worldwide organizations, with an option to
handle some kind of alliance schism in the industry, e.g. between those
who align with EuroCard/Visa/Mastercard (EVM) and another global group
that explicitly wants as little to do with the first group as possible.

High value business category would be a category where web users have an
extremely high need for genuineness.  Banks/central payment systems
would be the canonical example, with the VISA CA/SET combination as a
possible historic example (noting that it looks like they don't
currently qualify even if they did in the past).

You've just shifted the definitional problem to the words "extremely
high need for genuineness".

Providing examples of what you personally mean by these terms is not
sufficient to make a definition, unless the Mozilla policy becomes
"whatever Jakob Bohm decides".

Gerv



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
