Robert Relyea wrote:
>>> Can we eliminate the whole CA notion by just using a single sig over
>>> the list from a "root" ... and just deliver signed updates?
> We could use PKIX to authorize the roots by setting up a mozilla root,
> then cross signing each of the approved roots. In that case mozilla
> could issue a CRL to revoke a root, then it's effectively revoking an
> intermediate. (and revoking the base mozilla root would still have all
> the problems currently described, except now you have a single point of
> failure).
>
> The problem with this idea is that mozilla probably does not want to be
> in the CA business. The overhead of creating a mozilla root key in a
> safe and secure manner is quite involved (and more than doing a key gen
> on a smart card).
Yes, I see that. To which I'd add, my feeling of the PKIX-layer solution is equally non-confident: adding root-revocation capability is likely to be a mess. Although it is possible to do the whiteboard exercise (as seen over the last few days), the little issues that keep popping out suggest to me that we are rolling the wheel uphill, Sisyphean-like.

Which leaves the "software-update-to-root-list" solution.

Having said all that, it was definitely fun to whiteboard through all the alternates!

iang
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto