在 2017年11月22日星期三 UTC+8下午5:06:26,Gervase Markham写道: > We understand that WoTrus (WoSign changed their name some months ago) > are working towards a re-application to join the Mozilla Root Program. > Richard Wang recently asked us to approve a particular auditor as being > suitable to audit their operations. > > In the WoSign Action Items bug: > https://bugzilla.mozilla.org/show_bug.cgi?id=1311824 > Kathleen wrote "WoSign may apply for inclusion of new (replacement) root > certificates[1] following Mozilla's normal root inclusion/change > process[2] (minus waiting in the queue for the discussion), after they > have completed all of the following action items, and no earlier than > June 1, 2017." > > However, one step in the inclusion process is the public discussion, and > we have some reason to believe that this may lead to significant > objections being raised. It would not be reasonable to encourage WoSign > to complete all the other steps in the process if there was little or no > chance of them being approved in public discussion. > > So Kathleen and I thought it would be best to have a pre-discussion now, > in order to make sure that expectations are set appropriately. If WoTrus > had completed all the action items in the bug and arrived at the public > discussion part of the application, what would people say? If you raise > an objection, please say if there is any way at all that you think > WoTrus could address your issue. > > Thanks for your input, > > Gerv
To be short, I will object the application for these reasons if no more evidence presentes: 1. Richard should left management of WoTrus. 2. WoTrus can't provide community any new service. So why we take risks to accept their application? 3. China Internet community don't trust Qihoo 360 despite what Qihoo 360 did has nothing to do with CA. But this is about trust. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
