Future of Internet Security discussion: Wed 6th April, 9-11am PDT
Gervase Markham
called for a wide-ranging discussion about where the future of internet
security, and where we want to be in 3-5 years. Do we need to continue
to reinforce what we have now, or do we need to consider alternative or
complementary approaches?
On Wednesday 6th April from 9-11am Pacific Daylight Time (4-6pm UTC,
5-7pm British Summer Time, 6-8pm West European Time), during the Mozilla
meeting in Mountain View, California, there will be a 2 hour session
which aims to continue and further the discussion started in this forum.
===Hour 1===
This hour will be for future thinking, new ideas, and visions of how
things could be. All weird and wonderful ideas, succinctly presented,
are welcome.
People can propose ideas which change:
* Mozilla policy
* CAB Forum policy
* Firefox
* NSS
* published standards
or anything else you think we have influence over.
We anticipate discussing a great many ideas, so people are asked to a)
think beforehand how to be brief, and b) to respect the moderator's
decisions to move topic.
===Hour 2===
Based on hour 1, hour 2 will be an attempt to put together a roadmap for
Mozilla of policy, technical and advocacy changes we need to make. If
Hour 1 was "where do we want to go?", hour 2 will be "how do we get there?".
===Taking Part===
The hope is to use the Air Mozilla infrastructure for video and audio
streaming and dial-in; ways to take part are listed here:
https://wiki.mozilla.org/WeeklyUpdates
(IRC back channel in #airmozilla rather than #staffmeeting.)
However, do check this group for any last-minute updates if we can't get
it working!
Gerv
Walter Goulet
I just wanted to confirm that this meeting is open to the general public. I'm not affiliated with any CA vendors, but would be most interested in listening in to understand Mozilla's future plans.
Walter Goulet
Walter Goulet
Daniel Veditz
Yes it is, that's why Gerv posted here. If we don't get the video
going we should at least have the dial-in number and IRC back-channel.
Peter Gutmann
>On Wednesday 6th April from 9-11am Pacific Daylight Time (4-6pm UTC, 5-7pm
>British Summer Time, 6-8pm West European Time), during the Mozilla meeting in
>Mountain View, California, there will be a 2 hour session which aims to
>continue and further the discussion started in this forum.
I realise this is going to sound like a snarky question, but it's genuine: The
discussion on the list so far has indicated that it's just going to end up as
another round of PKI-me-harder. Since this is at an awkward time for people
in NZ and Australia, is there any intent to discuss solutions not involving
more PKI, or should I just turn the alarm off again at 4am? In other words
will there be, say, an hour set aside during which no-one can mention PKI,
certificates, CRLs, CAs, and all the other stuff, and instead explore
alternative solutions?
Peter.
Gervase Markham
> I realise this is going to sound like a snarky question, but it's genuine: The
> discussion on the list so far has indicated that it's just going to end up as
> another round of PKI-me-harder. Since this is at an awkward time for people
> in NZ and Australia, is there any intent to discuss solutions not involving
> more PKI, or should I just turn the alarm off again at 4am? In other words
> will there be, say, an hour set aside during which no-one can mention PKI,
> certificates, CRLs, CAs, and all the other stuff, and instead explore
> alternative solutions?
Hi Peter,
Sorry not to have replied before; you may be asleep now! But the answer
is: during the first hour, I want to ask two questions:
- What would it look like to fix the current model?
- What alternative or significantly modified models are there, and what
are their pros and cons?
So to answer your question: things which do not involve any PKI,
certificates, CRLs or CAs will have to share a (roughly) half-hour with
things like DANE and short-lived certificates. I'll let you decide
whether it's worth getting out of bed for :-)
There is no way we will reach a conclusion here in 1 or even 2 hours,
but I do hope to be able to survey the whole landscape, not just "how do
we add more patches to the current system".
Gerv
Matt McCutchen
having trouble finding it:
http://etherpad.mozilla.org:9000/FOIS
--
Matt
Gervase Markham
> In the wake of the recent Comodo certificate misissuances, Mozilla has
> called for a wide-ranging discussion about where the future of internet
> security, and where we want to be in 3-5 years. Do we need to continue
> to reinforce what we have now, or do we need to consider alternative or
> complementary approaches?
It was mentioned in this meeting that there would be a
Mozilla-community-focussed follow up session at 1pm on Thursday (i.e. in
10 minutes). Dial in info and conference number is the same (#8600).
Gerv
Gervase Markham
> It was mentioned in this meeting that there would be a
> Mozilla-community-focussed follow up session at 1pm on Thursday (i.e. in
> 10 minutes). Dial in info and conference number is the same (#8600).
My apologies if anyone tried this; I found out too late that the room
chosen had particularly poor audio conference facilities.
A summary of what was decided has now been posted.
Gerv
Steve Schultze
Where?
Gervase Markham
>> A summary of what was decided has now been posted.
>
> Where?
Here, as "NSS/PSM improvements - short term action plan".
Gerv