I dislike the idea. Other CAs contribute to the discussion but should not be the gatekeeper. Ryan Sleevi makes complete sense since Google uses the NSS store. Commercial CAs actually having a say on another CA's inclusion (outside of the current public discussion) seems like something that should be prohibited by policy.

-----Original Message-----
From: dev-security-policy [mailto:dev-security-policy-bounces+jeremy.rowley=digicert....@lists.mozilla.org] On Behalf Of Kathleen Wilson
Sent: Friday, February 6, 2015 2:37 PM
To: [email protected]
Subject: Re: Updating Peers of Mozilla's CA Certificates and CA Certificate Policy modules

On 2/5/15 10:41 PM, Man Ho (Certizen) wrote:
>
> However, if Mozilla would add one
> more peer from CA background (except Let's Encrypt), it'd be even better.
>

There are indeed several representatives of the CAs in Mozilla's program who regularly provide valuable contributions to the discernment and discussions regarding the CA program.

How do you all feel about the idea of one (or more) of the representatives of the CAs in Mozilla's program also being a Peer of the CA Certificates module?

Reminder of what this means...

Name: CA Certificates
Description: Determine which root certificates should be included in Mozilla software products, which trust bits should be set on them, and which of them should be enabled for EV treatment. Evaluate requests from Certification Authorities (CAs) for inclusion or removal of root certificates, and for updating trust bit settings or enabling EV treatment for already included root certificates.

Kathleen
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

