Hi Ryan,

On Thu, 12 Jun 2025, Ryan Hurst wrote:

> In the WebPKI, the contract analogy collapses: the "other party" isn't a single customer who can waive a breach; it's billions of relying parties who get zero say and zero cure period.
That's precisely the point behind my thought experiment. Where CAs (well, at least DigiCert, according to Jeremy) make contractual statements in their TOS instead of in their CP/CPS, the benefit of such statements is lost or at least diminished when it comes to Relying Parties. Making such statements in the CP/CPS instead would make it accessible to Relying Parties, to be factored into their trust decision.
> That's why revocation is tied to CPS alignment. Some folks claim that easing enforcement will somehow coax CAs into greater transparency, but when has relaxing the rules ever improved openness in the WebPKI?
A CPS stating "we will do X, if we don't do X we will relinquish the revenue we made on the offending cert via credit to the subscriber", in ways that are testable, verifiable and enforceable would actually strengthen the ability and position of Relying Parties.
> So far no one has presented an argument that credibly tells the story that the core problem is over-enforcement. Until that happens, I hope the community defaults to a more common-sense interpretation, maybe mine: that CPSs are still after-the-fact paperwork, hand-typed, not used by the organization that publishes them, and everyone just prays no one looks. That's a governance failure, not a transparency strategy.
Obviously, if this sets off a trend where even the currently existing guarantees made to Relying Parties as "absolute" (backed by revocation) will be downgraded to a credit, or a donation to Mozilla or, say, the local Zoo, that would be an undesirable consequence. But I would like to explore whether such a dynamic could be avoided while still making the benefits of such commitments, which are currently offered to Subscribers, accessible to Relying Parties; I think that is worth exploring.
This would not change the mechanism you're referring to; the guarantee given by the CPS would still have to be upheld. Just the guarantee wouldn't be "we don't do X", but "we don't do X, or else we will refund the subscriber, disclose the circumstances that led to a certificate being issued where we did X, and make the certificate identifiable". What happens if that guarantee is violated (altogether) would be all the same as now. What changed would only be the shape of the commitment.
I absolutely do not want to encourage CAs - or anyone in the WebPKI ecosystem - to exploit loopholes, or even to deviate drastically from established practices, and I don't think it would be a good idea for anyone to start doing this without reaching some form of consensus on this suggestion I am discussing. But that said, which parts of RFC 3647 or the BRs would you interpret to actually disallow commitments conforming to such a structure as proposed, assuming they'd include commitments ensuring testability, verifiability and measurable consequences for scenarios the CA "weakly" commits to avoiding?
Tobi

To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/a88e25ff-25bd-9063-cec2-c95a5ddfd2df%40opera.com.
