Hi, Matt,

I'm sorry. I can't speak to the UI design at this time or in this forum, but 
transparency to users and verifiability of the privacy claims were of the 
utmost importance to the engineering teams.

Bailey

On Friday, October 30, 2020 at 1:11:07 PM UTC-7, mhar...@gmail.com wrote:
> On Fri, Oct 30, 2020 at 10:49 AM Bailey Basile via dev-security-policy < 
> dev-secur...@lists.mozilla.org> wrote: 
> 
> > 
> > We specifically chose not to issue Apple certificates for these keys 
> > because we did not want users to have to trust only Apple's assertion that 
> > this key is for a third party. 
> > 
> >
> I understand the goal of having an external CA certify the domain name of 
> the data processing participants' certificate (and associated key), but... 
> What UI experience makes any of this relevant to the user? Is there going 
> to be a UI screen in the platform in which the user can view and/or choose 
> what parties (presumably by domain name) they will be submitting data 
> shares to? Will that UI be displaying any of the certificates, key hashes, 
> or public keys involved? 
> 
> I think domain validation for this kind of thing is pretty weak 
> regardless. If Apple wanted to, they could just register 
> super-trusted-data-process-namealike.com, get ISRG to issue a WebPKI cert 
> for that and then incorporate that certificate in this scheme. DNS based 
> validations don't demonstrate that the target is truly independent of Apple.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
