On 3/7/19 6:59 PM, Jaime Hablutzel via dev-security-policy wrote: > So the following holds true and (from my point of view) very critical > indeed. Quoting Benjamin Gabriel: > >> ...that sovereign nations have the fundamental right to provide >> digital services to their own citizens, utilizing their own >> national root, without being held hostage by a provider situated in >> another nation. You should note that DarkMatter's request is also >> for the inclusion of UAE's national root
I would question the assertion of any "fundamental right" of a sovereign nation in this context; But sidestepping that there are still alternative ways to achieve it than exposing all users globally to risk; E.g nothing would stop a local linux distribution, or a localized Microsoft product version, from including the root, or the user to install it locally by choice, as its citizens are more likely to accept the local laws as they are governed by them already. Trust is ultimately a subjective consideration, and no list of requirement can ever be the full set of requirement, as any system based on such a method can and will be gamed. -- Kristian Fiskerstrand OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy