Accountapprovers, antispam, confirm, emeritus
4,925
edits
Changes
→Suggestions about what to do about Government CAs
* The least we can do is say something like, yes, [Chinese/Dutch] Government, we will accept your root, but it should only work by default for users browsing in the [Chinese/Dutch] language, others will have to click-through once to trust it. This isn't about building one-to-one mappings of websites to national jurisdictions. This is about putting a least-privilege scope on claims of trustworthiness rooted in sovereignty rather than an independently verified audit. It's about protecting the trans-national nature of Internet trust against the abuse and or incompetence of sovereigns.
** This is not "the least we can do", it's very difficult :-) Mapping languages to countries is a political minefield. Also, the en-US version of Firefox is used widely outside the US. People in some countries prefer to compute in English. If we are going to do something like this, restricting by site TLD rather than user language is much less controversial. -- Gerv
== What Inclusion of a CA in Mozilla's Program Means ==
