On Thu, Mar 19, 2020 at 05:30:31AM -0500, Ryan Sleevi via dev-security-policy 
wrote:
> [...] but given that some negligent and
> irresponsible CAs kept agitating to reduce revocation requirements than
> protect users, the ballot was kept simple.

> [...] I worry the same set of negligent and irresponsible
> CAs will try to advocate for more CA discretion when revocation, such as
> allowing the CA to avoid revoking when they’ve misled the community as to
> what they do (CP/CPS violations) or demonstrated gross incompetence (such
> as easily detected spelling issues in jurisdiction information).
> 
> I would hope no CA would be so irresponsible as to try to bring that up
> during such a discussion.

If I'm reading this correctly, you're labeling some CAs as negligent,
irresponsible and incompetent based on the discussion and/or voting in CA/B
Forum. But those are adjectives that are inverse of what is required of CAs to
have roots included in root store [0].

Additionally, I've seen multiple statements, some of them under official hats,
that Mozilla treats CA conduct holistically when assessing trust (I don't have
reference handy).

Do you think that Mozilla may in the future consider voting or discussing
"wrong" (for any definition of "wrong") as having impact on general trust that
Mozilla has placed in a particular CA?

(Maybe I'm exaggerating, but just think of it: "<CA name> Issues. Issue X:
failure to vote YES on ballot <Y>").


[0] "Including any CA carries a level of risk that is measured, in part, by
     the past record of the CA (or lack thereof), their responsiveness (or
     lack thereof), and the level of competence and precision demonstrated by
     the CA during the inclusion process.";
    "Having a root certificate you control included in Mozilla's root store is
     a major ongoing responsibility"
    (both from https://wiki.mozilla.org/CA/Application_Process)

-- 
pozdrawiam / best regards       _.-._
Wojtek Porczyk               .-^'   '^-.
(under personal hat)         |'-.-^-.-'|
                             |  |   |  |
 I do not fear computers,    |  '-.-'  |
 I fear lack of them.        '-._ :  ,-'
    -- Isaac Asimov             `^-^-_>


_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy