| Line 64: | Line 64: | ||
== Suggestions about what to do about Government CAs == | == Suggestions about what to do about Government CAs == | ||
Suggestions to consider... | |||
* Require CAs to use separate root certificates for the CA hierarchies that are for issuing certs to governments. | |||
* Restrict government roots to their TLDs | * Restrict government roots to their TLDs | ||
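Review bot: the two lines shown only in the left column at the top of this hunk take out the "Suggestions to consider..." lead-in together with the separate-root-certificates bullet, so the list under the heading now opens directly with "Restrict government roots to their TLDs". If only the bullet was meant to go, keep the lead-in. Either way, record in the edit summary why the separate-hierarchy suggestion was dropped, since the remaining TLD restriction still depends on being able to tell which roots issue to governments.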
| Line 80: | Line 77: | ||
** {{bug|555701}} | ** {{bug|555701}} | ||
* Treat Government CAs like other CAs that provide the necessary documentation and audit statements to show compliance with Mozilla's CA Certificate Policy. | |||
** Make a clear statement about what it means to have a root certificate in Mozilla's program. | |||
*** What statements can truly be made about CAs in Mozilla's program. | |||
*** Are we trying to protect users from being spied on by their governments? | |||
*** Is inclusion in Mozilla's CA Certificate program an indicator that the CA is not evil? | |||
*** What is out-of-scope; e.g. what are unreasonable assumptions for people to make about CAs in Mozilla's program. | |||
*** Cannot protect anyone from governments using their power on their citizens, whether it is a government-owned CA or not. | |||
== What Inclusion of a CA in Mozilla's Program Means == | == What Inclusion of a CA in Mozilla's Program Means == | ||
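Review bot: the left-only block above the "What Inclusion of a CA in Mozilla's Program Means" heading mixes open questions ("Are we trying to protect users from being spied on by their governments?") with one stated limit ("Cannot protect anyone from governments using their power on their citizens, whether it is a government-owned CA or not"). Before these go, check that the section under that heading states the out-of-scope assumptions and that limit explicitly. They define what relying parties may and may not infer from a root being in the program, and the hunk itself does not show where that text now lives.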