I will try to further explain my thoughts on this. As we all know, according to Mozilla Policy "CAs MUST follow and be aware of discussions in the mozilla.dev.security.policy <https://www.mozilla.org/about/forums/#dev-security-policy> forum, where Mozilla's root program is coordinated". I believe Mozilla Root store managers' minimum expectations from CAs are to _read the messages and understand the content of those messages_. Right now, we have [1], [2], [3], [4], [5], [6], [7], [8], [9] policy-related threads opened up for discussion since October 15th.

If every post in these threads contained as much information and complexity as your recent reply to Clemens, I think it eventually "abuses" the requirement that CAs must follow discussions in m.d.s.p. and leads to fatigue. Understanding the complicated English language used, especially for non-native English speakers, is a very challenging and difficult task of its own. Therefore, I think it is unreasonable for Mozilla Root store managers to expect that CAs will follow and understand all of these discussions if these threads are bombarded with long and complicated emails that only very few will be able to read and understand.

I think sending specific questions is good advice and I will try to do that next week, but please try to also consider and respect the fact that CAs have a finite set of resources to work on these issues, among other duties. An unexpected increase in the volume of information CAs must follow creates a risk that something critical might be missed, despite the good efforts of CAs having allocated the necessary resources to monitor these lists and Bugzilla incidents.

I obviously can't suggest that anyone post more or less; each person has the right to post whatever he/she deems necessary. I just wanted you to know, as a peer to this Module, that some participants of this Root Program want to contribute and continue to do so, and it would help tremendously if some messages were shorter and simpler to read. Perhaps breaking down your long reply into more than one message might make them easier to process, I don't know.

Thanks for listening :-)


Dimitris.



[1]: https://groups.google.com/g/mozilla.dev.security.policy/c/4fhP4iV4ut4/m/WQknrWbhAAAJ
[2]: https://groups.google.com/g/mozilla.dev.security.policy/c/ZFLsguJyFDo/m/Tmn5rcXhAAAJ
[3]: https://groups.google.com/g/mozilla.dev.security.policy/c/oJiMmvAJXdI/m/ZhH6oLwpAAAJ
[4]: https://groups.google.com/g/mozilla.dev.security.policy/c/3sW3_cRBrfo/m/ErldH8JWAQAJ
[5]: https://groups.google.com/g/mozilla.dev.security.policy/c/Oqd2iKCFELI/m/f9Kfs0M0BAAJ
[6]: https://groups.google.com/g/mozilla.dev.security.policy/c/DChXLJrMwag/m/uGpEqiEcBgAJ
[7]: https://groups.google.com/g/mozilla.dev.security.policy/c/nMrORsPPcds/m/hVahATyTBwAJ
[8]: https://groups.google.com/g/mozilla.dev.security.policy/c/rbSFMYKlfI4/m/3kvOhydWAQAJ
[9]: https://groups.google.com/g/mozilla.dev.security.policy/c/xk3BanrcljY/m/8dFyM-5pAQAJ



On 2020-11-07 1:40 a.m., Ryan Sleevi via dev-security-policy wrote:
On Fri, Nov 6, 2020 at 6:08 PM Dimitris Zacharopoulos via
dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:

Can other people, except Ryan, follow this thread? I certainly can't. Too
much information, too much text, too many assumptions, makes it impossible
to meaningfully participate in the discussion.

These are complex topics, for sure, but that’s unavoidable. Participation
requires a degree of understanding both about the goals to be achieved by
auditing, as well as the relevant legal and institutional frameworks for
these audits. So, admittedly, that’s not the easiest to jump into.

Could you indicate what you’re having trouble following? I don’t know that
we can do much about “too much information”, since that can be said about
literally anything unfamiliar, but perhaps if you would simply ask
questions, or highlight what you’d like to know more about, it could be more
digestible?

What would you say your desired outcome from your email to be? Accepting,
for a second that this is a complex topic, and so discussion will
inherently be complex, and so a response such as “make it simpler for me”
is a bit unreasonable.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

