On 15/08/17 21:24, Kathleen Wilson wrote:
> Mozilla's Root Store policy says: "CAs MUST follow and be aware of
> discussions in the mozilla.dev.security.policy forum, where Mozilla's
> root program is coordinated."
> 
> There is no indication about how frequently a representative of the
> CA must check the m.d.s.policy discussions. And what about when a
> CA's representative is on vacation? (e.g. the month of August for
> many CAs) Do we really expect them to monitor m.d.s.policy while on
> vacation?  (I don't even monitor it myself while I'm on vacation.)

Yes, indeed. That stipulation was more to prevent CAs claiming lack of
awareness of issues which had been discussed at length, rather than
making it so people can report issues here and count them as properly
reported to the CA. There are no SLAs for CAs reviewing m.d.s.policy,
although ignoring it entirely for a month would suggest to me that the
absent employee should have delegated.

Gerv

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy