Frank Hecker wrote:

Yes, in theory you're correct: The additional language, examples, etc., could go into a FAQ or other document rather than in the main policy. I also agree that the existing language already gave the flexibility to reject CAs for the various reasons stated in the examples. (I made this point in a reply to Nelson.) However...

Yes. I didn't reply to them there. I will here.

I added this new language to directly respond to concerns expressed by Nelson that the policy as written would let "bad" CAs slip through; these concerns may be shared by others. If Nelson and others of like mind think that this purpose can be accomplished by putting the examples into a separate "guidance" document (e.g., a FAQ) then I'd be glad to do that. On the other hand, if they believe that they should go into the policy itself then I am prepared to do that in the interests of achieving consensus.

The problem I have with that "any time for any reason" language is that it is 100% discretionary. I don't think that "guidance" should be separated from the policy. The whole point of the policy (IMO) is to give strong guidance to the person deciding on CAs.

Frank,  I'm thinking that you and I will not always be as tightly coupled
to mozilla as we are now.  I want the policy to be clear enough that a
mozilla sysadmin could administer this policy if he was asked to do so,
and that wouldn't cause a huge change in the policy as perceived by
outsiders.  To put it another way, if the next person to mind the store
decides he wants to change the policy radically, it should require the
same amount of care to change the policy as has gone into the creation
of the first policy.  He shouldn't be able to change it on a whim because
the policy has given him total discretion!

> "The perfect is the enemy of the good."

  "Absolute discretion corrupts absolutely"

The reason for this is that the current set of concerns are
not tomorrow's concerns.  We may get today's concerns completely
wrong, and we may find tomorrow's concerns to be of much
greater importance.  Yet, because we have stated in the policy
a set of concerns, then we are sort of caught in having to give
them some weight.


Well, I think that was exactly Nelson's intent: he wanted those particular concerns to be given weight.

Exactly. I want people to have to think things through before exercising uncontrolled discretion (or better, for them not to have uncontrolled discretion).

There are mozilla drivers who have said they don't trust *ANY* CAs and
just want encryption.  I guess they are omniscient and can always tell
without any help whether they're being attacked or not.  God help
mozilla if they get to exercise total discretion over the root CA list.

The alternate is that we have to seek the
re-approval of the document every time the concerns change to
better reflect what threats we are facing today.

Precisely the point! I see that as a good thing!


-- Nelson B