On Thu, Mar 7, 2019 at 5:35 PM Matt Palmer via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> > In the face of exterior political force, the people of the UAE couldn't get > *globally trusted* certificates full-stop. Off the top of my head, all of > the widely-adopted web PKI trust stores are managed by US organisations. > One directive from the US government, and a trust anchor is *gone*. Thus, > having a trust anchor is not even a *sufficient* condition to produce the > outcome you're advocating for, let alone a necessary one. > > if the UAE government, or its people, wishes to ensure their supply of > "globally trusted" certificates, they need to start running their own PKI > trust store. > This gets fairly far afield, but it is far more likely that successful defenses for maintaining the entry on the trust list could be made than for the issuance of new certificates. One of these is literally a case of mere publishing and only to software users. The other is the act of actually performing a signature (doing real work specifically for the benefit of the subscriber). That later case is far less protected. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
