To the best of my knowledge, the only "standard" sanction we have today is
complete distrust of a root or intermediate, and in practice that rarely
happens. On the surface, the idea of lesser sanctions like removing the EV
indicator for some period of time is appealing to me, but I think we need
to take a step back and discuss whether or not this is really a good idea.
Would Mozilla be better off in the long run having lesser sanctions readily
at our disposal?

First off, I question if we would really use lesser sanctions more often. I
think we would still want to coordinate their implementation with other
user agents, and that is a tedious process.

Second, what might be the unintended consequences? For example, would CAs
shift their focus from maintaining trust to avoiding sanctions?

- Wayne

On Wed, Jan 24, 2018 at 9:24 AM, Ryan Sleevi <r...@sleevi.com> wrote:

> I didn't say it was easy, and I don't disagree that there are ways in
> which it can be improved (e.g. to include server side checks). However,
> there are some inescapable limitations in such approaches (e.g. users who
> cannot contact the Mozilla servers that govern such flags), thus there's
> always some code change necessary to ensure both a sane/predictable default
> (in the event of persistent DoS to an update server) and a configurable
> flag for that which matters.
>
> On Wed, Jan 24, 2018 at 9:24 AM, James Burton <j...@0.me.uk> wrote:
>
>> There is no easy way to temporarily sanction non-compliant CAs
>> for lateness of documents, incidents, etc.
>> There needs to be a switch developed which allows program members to
>> disable features such as EV without messing around in code.
>>
>> James
>>
>>
>
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
