Path: g2news1.google.com!news1.google.com!Xl.tags.giganews.com!border1.nntp.dca.giganews.com!nntp.giganews.com!local2.nntp.dca.giganews.com!nntp.mozilla.org!news.mozilla.org.POSTED!not-for-mail NNTP-Posting-Date: Fri, 29 Jan 2010 06:28:08 -0600 Date: Fri, 29 Jan 2010 14:28:08 +0200 From: Eddy Nigg <eddy_n...@startcom.org> Organization: StartCom Ltd. User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20100127 Lightning/1.0b1pre Shredder/3.0.2pre MIME-Version: 1.0 Newsgroups: mozilla.dev.security.policy Subject: Re: CNNIC Root Inclusion References: <DY-dnYQIkKax1_3WnZ2dnUVZ_omdnZ2d@mozilla.org> <EEE6AF68-122C-4798-B76B-99F70B2B525C@mozilla.com> <mailman.3446.1264750966.4112.dev-security-policy@lists.mozilla.org> In-Reply-To: <mailman.3446.1264750966.4112.dev-security-policy@lists.mozilla.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Message-ID: <K_CdncGRNoLFSf_WnZ2dnUVZ_uKdnZ2d@mozilla.org> Lines: 39 X-Usenet-Provider: http://www.giganews.com NNTP-Posting-Host: 212.117.158.94 X-AuthenticatedUsername: NoAuthUser X-Trace: sv3-e4J/FnbsjEgZ76KoFHZ8clKKnRDG4Dwiij1Abv2vb3Y3SGSjG/llF+Ri4Gt/45PzKCmuMrHtYTCXdt9!5kuhLsYYsnbM+/V9UrsDe2BfdptZ97g+v7m7lFhF/aAjv2taJ+Jv/WQHXBMVKt0YF7uODMSArCyx!0kYZMEqslI4SXw== X-Complaints-To: abuse@mozilla.org X-DMCA-Complaints-To: ab...@mozilla.org X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly X-Postfilter: 1.3.40 On 01/29/2010 09:42 AM, makrober: > Johnathan Nightingale wrote: >> 1) We have never claimed as a matter of policy that our PKI decisions >> can protect people from malicious governments. It's just not a >> plausible promise for us to make. > > With due respect, "never have made the promise" just doesn't cut it in > my eyes. Even though I agree with you that there is an understanding that the security decisions taken at Mozilla, being it by fixing flaws or here at this group with admitting CAs, are made to protect and provide reasonable security to the users, I'm ignoring the rest of your message as a distraction from the problem at hand. If you feel you would like to discuss your idea, lets do so under a different thread. Having said that, most CAs disclose in their policies compliance to local legislation and law. If those laws allow for MITMs, we obviously should consider this accordingly. In the meantime some more comments have been posted at the various bugs, I'd like to highlight one of them since there is some relevance to the above: On CNNIC website, it's clearly stated that CNNIC is directly administrated by both "Ministry of Industry and Information Technology of the PRC" and Chinese Academy of Sciences (budget controlled by the government). You are right, CNNIC is not a government, but it's directly managed by the government and did everything that Chinese government asked it to do. -- Regards Signer: Eddy Nigg, StartCom Ltd. XMPP: start...@startcom.org Blog: http://blog.startcom.org/ Twitter: http://twitter.com/eddy_nigg
Message from discussion CNNIC Root Inclusion
| Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy |
| ©2013 Google |