I was going to suggest that indeed Symantec be put out of business by
refusing to add any new roots to NSS and refusing to update any expiring
roots. However, that would be a weak response since only one root
expires in the current decade, in a little less than two years from now.
Many of the Symantec-branded roots do not expire until 6-8 years from
now. Most of Symantec's Verisign-branded roots will not expire in my
lifetime (and my family has extraordinary longevity).

I would suggest that Symantec be placed on a form of probation. The
terms of probation would be that any further negligence or other
unacceptable operations within the next nn [some small number] years
would cause all Symantec controlled roots to be promptly deprecated
(e.g., removed from NSS, left in NSS but marked invalid). The terms of
probation would specify clear, detailed, objective meanings of
negligence and other unacceptable operations sufficient to withstand
legal challenges if deprecation is indeed imposed.

A notice of this probation must be made broadly public. Before public
release, however, hard copies of the notice should be sent by postal mail
both to the CEO of Symantec and to the top management of Symantec's
outside auditors, signed by both Mitchell Baker and Chris Beard. That
mailed notice should direct Symantec to notify promptly all holders of
subscriber certificates of the terms of the probation. This would warn
potential users of concern over Symantec's operations. This would also
give existing users time to consider renewing their expiring subscriber
certificates with other certification authorities. The end result would
shrink Symantec.
--
David E. Ross
<http://www.rossde.com>
Consider:
* Most states mandate that drivers have liability insurance.
* Employers are mandated to have worker's compensation insurance.
* If you live in a flood zone, flood insurance is mandatory.
* If your home has a mortgage, fire insurance is mandatory.
Why then is mandatory health insurance so bad??