On Mon, Sep 17, 2018 at 9:43 AM Wayne Thayer <wtha...@mozilla.com> wrote:
> Even though the discussion period has ended, Mozilla will continue to > consider factual information that is submitted as comments here: > https://bugzilla.mozilla.org/show_bug.cgi?id=1325532 > > Your concern about "without comment and then get approved" may stem from a > misunderstanding of Mozilla's process, as documented here: > https://wiki.mozilla.org/CA/Application_Verification A lack of comments > indicates that the community is satisfied with the review that was > performed on the inclusion request. > > Finally it seems that your concerns with this request have to do with > browser vendors also operating CAs? If so, I think that is a topic that is > much broader than this inclusion request. Google already operates as a CA > via cross-signing, as do Microsoft and Apple. > > Correction: Google is already a root CA in Mozilla's program because they acquired two roots from GlobalSign, as discussed here: https://groups.google.com/d/msg/mozilla.dev.security.policy/1PDQv0GUW_s/oxDWH07VDgAJ On Mon, Sep 17, 2018 at 8:29 AM jtness--- via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > >> I am disappointed I didn't see this before the three week comment period, >> because this is an incredible disaster. Mozilla is seriously considering >> permitting a company with a completely unilateral ability to shut other >> Root CAs down (via their market share over Chrome and Android, and that the >> CAB has no legal authority to countermand their decisions on what CAs they >> trust), to then also be a competitor to these companies which it can >> unilaterally remove from the market? This is the sort of world-ending crud >> that shouldn't pass through a random Google Group without comment and then >> get approved. >> >> _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
