On Mon, Mar 23, 2020 at 3:13 PM Burton via dev-security-policy < [email protected]> wrote:
> CAs, > > Please can you give a brief statement regarding these questions below: > > a) What’s your operational status at this time? > > b) Do you expect in the next six months to maintain an adequate operational > status? > > c) If the worst case scenario does happen, what have you planned to > maintain operationally? > I think it's unlikely to get responses from many CAs. There is purely risk here, with an unclear goal. I appreciate the clarity, but I also don't think m.d.s.p. is necessarily a good venue for CA communications. For example, if you'd like to submit this to Kathleen as a suggestion for a CA communication, that might be a more productive endeavor. It also means that open ended questions like this may not get consistent answers across CAs. For example, CA Foo might say their operational status is "Case Nightmare Green" while CA Bar might say that their operational status is "Major Tom" and CA Baz says "The eagle has left the nest". Those are answers, but are they helpful? Similarly, "adequate" operational status and "worst case" are equally ill-defined. In short, while I appreciate the curiosity, I don't think anything of value can be gained from this thread, at least holistically. And it just seems inherently risky for CAs to respond without that shared context. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
