On Thu, Feb 18, 2010 at 10:06 AM, Soh Kam Yung <[email protected]> wrote: > >From > >[http://www.freedom-to-tinker.com/blog/felten/mozilla-debates-whether-trust-chinese-ca]. > Read also [http://lwn.net/Articles/372386/]. > > ===== > Mozilla Debates Whether to Trust Chinese CA
> By Ed Felten - Posted on February 16th, 2010 at 2:45 pm > > Sometimes geeky technical details matter only to engineers. But > sometimes a seemingly arcane technical decision exposes deep social or > political divisions. A classic example is being debated within the > Mozilla project now, as designers decide whether the Mozilla Firefox > browser should trust a Chinese certification authority by default. > [...] > If the CA is competent and honest, then you can rely on the cert, and > your connection will be secure. But a dishonest CA can trick you into > talking to an impostor site, so you need to be cautious about which > CAs you trust. Your browser comes preinstalled with a list of CAs whom > it will trust. In principle you can change this list, but almost > nobody does. So browser vendors effectively decide which CAs their > users will trust. > [...] > CNNIC's defenders respond that any CA could do such a thing [provide a yes, CNNIC definitely cannot be trusted, > valid cert for an imposter site]. If the problem is that CNNIC is too > close to a government, what about the CAs already on the Firefox CA > list that are governments? Isn't CNNIC being singled out because it is > Chinese? Doesn't the country with the largest Internet population > deserve at least one slot among the dozens of already trusted CAs? > These are all good questions, even if they're not the whole story. > > Mozilla's decision touches deep questions of fairness, trust, and > institutional integrity that I won't even pretend to address in this > post. No single answer will be right for all users. > [...] > ===== > > -- > Soh Kam Yung > my Google Reader Shared links: > (http://www.google.com/reader/shared/16851815156817689753) > my Google Reader Shared SFAS links: > (http://www.google.com/reader/shared/user/16851815156817689753/label/sfas) -- Cheng Renquan (程任全), from Singapore _______________________________________________ LUGS Mailing list - [email protected] List FAQ: http://wiki.lugs.org.sg/LugsMailingListFaq Info page: http://www.lugs.org.sg/mailman/listinfo/slugnet To unsubscribe send an empty email to: [email protected]
