All, I posted the following in Mozilla’s governance group <https://groups.google.com/u/1/a/mozilla.org/g/governance>.
Please feel free to comment either here in dev-security-policy <https://groups.google.com/u/1/a/mozilla.org/g/dev-security-policy> or in Mozilla’s governance group <https://groups.google.com/u/1/a/mozilla.org/g/governance>.

~~

All,

I propose to make Ben Wilson the new owner of the “CA Certificates” <https://wiki.mozilla.org/Modules/All#CA_Certificates> module.

In his role at Mozilla, Ben has become responsible for most of Mozilla’s root inclusion process <https://wiki.mozilla.org/CA/Application_Process#Process_Overview>. In addition to updating the existing processes, Ben created the Certificate Change Prioritization <https://wiki.mozilla.org/CA/Prioritization> process for determining the priority of root inclusion requests, and the Quantifying Value: Information Expected of New Applicants <https://wiki.mozilla.org/CA/Quantifying_Value> process for first-time root store applicants to provide sufficient information to help Mozilla determine if the benefit of including their root certificate is worth the risk of including it.

Additionally, Ben has been performing most of Mozilla’s CA Application Process <https://wiki.mozilla.org/CA/Application_Process#Process_Overview> for over a year, including:

- Verifying the information provided by the CA <https://wiki.mozilla.org/CA/Application_Verification#Information_Verification>
- Performing a detailed review of the CA’s CP/CPS and audit documents <https://wiki.mozilla.org/CA/Application_Verification#Detailed_Review>
- Leading the public discussion about the CA’s request <https://wiki.mozilla.org/CA/Application_Verification#Public_Discussion>
- Summarizing the discussion, resulting action items, and decision, e.g.
  - Stating the intent for Mozilla to approve the request, or
  - denying the request
- The final stages of approving the request and creating, code reviewing, and testing the NSS and PSM bugs are currently done by me, but this can be done by a peer of the module. The idea mainly being to have some dual control.

There are two modules related to Mozilla’s CA Program <https://wiki.mozilla.org/CA> which govern the default set of certificates in Network Security Services (NSS) and distributed in Mozilla’s software products. They are:

1) CA Certificates <https://wiki.mozilla.org/Modules/All#CA_Certificates>

Description: Determine which root certificates should be included in Mozilla software products, which trust bits should be set on them, and which of them should be enabled for EV treatment. Evaluate requests from Certification Authorities (CAs) for inclusion or removal of root certificates, and for updating trust bit settings or enabling EV treatment for already included root certificates.

*Current Owner: Kathleen Wilson -- Proposed Owner: Ben Wilson*
*Current Peer(s): Ben Wilson -- Proposed Peers: Kathleen Wilson*

2) Mozilla CA Certificate Policy <https://wiki.mozilla.org/Modules/All#Mozilla_CA_Certificate_Policy>

Description: Definition and enforcement of policies governing Certification Authorities, their root certificates included in Mozilla software products, and intermediate and end-entity certificates within those CA hierarchies.

Owner: Kathleen Wilson -- no change
Peer(s): Ben Wilson – no change

Thanks,
Kathleen

~~
