At 9:42 AM -0700 10/24/08, Robert Relyea wrote:
>Paul Hoffman wrote:
>>Robert: you are already in that business by distributing trust anchors that
>>you have (sometimes) vetted. You are a CA without signing anything, just by
>>distributing a trust anchor repository.
>>
>Yes, but by doing so we aren't in the business of keeping secret data.

<sigh> Excellent point.

>Going to the cross cert idea has lots of appeal to me, but the biggest
>downside is Mozilla would need to protect a private key to at least the level CAs
>in our list protect their root keys.

<sigh>^2 The same would be true if you ran a trust anchor management protocol, which requires the manager to have a keypair for the service.

>That takes on a much bigger operational burden than Mozilla currently has, and
>bigger than Mozilla has to date been willing to take on.

Understood. And probably right.

--Paul Hoffman