Paul Hoffman wrote:
> At 7:16 PM +0100 12/25/08, Michael Ströder wrote:
>> I'd tend to punish a rogue CA by removing their root CA cert from NSS.
>> Maybe this serves as a good example to other CAs that the Mozilla CA
>> policy is really enforced. Otherwise nobody will care.
> 
> This is Firefox we're talking about, not IE. Do you really think that
> this is going to help end users, or just hurt people who bought
> certificates from the lax (not rogue) CA?

PKI is about security. Strange I have to remind you about that. There is
a Mozilla CA policy which was violated, possibly causing a risk for
end-users. Mozilla has to give some evidence to the community and CAs
that the policy is enforced.

> Like most punishment, the origin is more often the desire of the
> punisher to feel powerful. In this case, it is also for financial
> gain by the first one to propose the punishment, of course, but the
> base desire is the same.

Personally I have absolutely no benefit from withdrawing the trust flags
from Comodo's root CA cert. So it seems strange to me that you're
accusing me in such an arrogant way. This does not contribute anything
to this discussion.

Ciao, Michael.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
