On Wed, 26 Sep 2018 16:03:58 +0000 Jeremy Rowley via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
> Note that I didn’t say Google controlled the policy. However, as a > module peer, Google does have significant influence over the policy > and what CAs are trusted by Mozilla. Although everyone can > participate in Mozilla discussions publicly, it’s a fallacy to state > that a general participant has similar sway or authority to a module > peer. I do not agree with this. I participate in m.d.s.policy as an individual and I don't think there has ever been a situation where I felt I did not have "similar sway or authority to a module peer". Thinking back to, for example, TSYS, my impression was that my post on the Moral Hazard from granting this exception had at least as much impact as you could expect for any participant. Mozilla declined to authorise the (inevitable, to such an extent I pointed out that it would happen months before it did) request for yet another exception when TSYS asked again. I think my situation may be different from yours Jeremy in that even when posting strictly in a personal capacity your "other hat" remains in view. I don't really have another hat, I'm a Relying Party from the Network. I want the Network to be able to Rely on the Web PKI and I seek the Prevention of Future Harm to myself and other Relying Parties. That lines up really well with Mozilla's goals (not quite perfectly since Mozilla cares primarily about Firefox not generic Relying Parties) Nick. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy