[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #3929 [Tor Browser]: Remove CNNIC

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #3929 [Tor Browser]: Remove CNNIC
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Mon, 05 Sep 2011 09:42:46 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 05 Sep 2011 05:42:59 -0400
In-reply-to: <049.85bd7636b9d4c42aa99401df609acb96@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.85bd7636b9d4c42aa99401df609acb96@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#3929: Remove CNNIC
-------------------------+--------------------------------------------------
 Reporter:  mikeperry    |          Owner:  mikeperry                    
     Type:  defect       |         Status:  new                          
 Priority:  major        |      Milestone:  TorBrowserBundle 2.2.x-stable
Component:  Tor Browser  |        Version:                               
 Keywords:               |         Parent:                               
   Points:               |   Actualpoints:                               
-------------------------+--------------------------------------------------

Comment(by mikeperry):

 Replying to [comment:1 ioerror]:
 > We need to write up our design for forking the CA root system from
 Mozilla and remove all of the CA roots that are sketchy. CNNIC should go
 next.

 The reality of the situation is that there probably isn't a concrete
 policy that could justify the removal of this CA. I sort of almost thought
 about crying a couple crocodile tears for Mozilla when they had to include
 this cert, because you really want to trust that the repeat offender might
 reform themselves and suddenly start respecting people's right to secure
 communications, but you just know bad time are ahead.

 I guess the larger question is: Should we perform a kind of harm reduction
 against the CA model, and allow people to select a number of certs for
 their language/locale that covers X% of the sites they are likely to
 visit?

 In the meantime, it seems that without exits in China, and without any
 real way for Tor users to access Chinese infrastructure without hitting
 the GFW, there is no reason for us to include this cert. The number of tor
 users who need it is effectively zero.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3929#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #3929 [Tor Browser]: Remove CNNIC
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #3930 [Tor Relay]: tor 0.2.2.32 crashes with SIGSEV on SSL_CIPHER_get_name
Next by Author: Re: [tor-bugs] #3929 [Tor Browser]: Remove CNNIC
Previous by thread: Re: [tor-bugs] #3929 [Tor Browser]: Remove CNNIC
Next by thread: Re: [tor-bugs] #3929 [Tor Browser]: Remove CNNIC
Index(es):
- Author
- Thread