All,

This email introduces public discussion regarding additions/clarifications to be included in the next version of the Mozilla Root Store Policy (MRSP), version 2.8, to be published this year. (See https://github.com/mozilla/pkipolicy/labels/2.8)

GitHub Issue #195 <https://github.com/mozilla/pkipolicy/issues/195> proposes that we clarify that public discussion is required when a new CA operator (not previously part of the Mozilla Program) obtains a sub CA that is not technically constrained.

Here is some draft language for discussion. It would add to MRSP Section 7.1, after "We will make such decisions through a public process.", the following:

This public-review-and-discussion process SHALL also occur for any CA operator obtaining an unconstrained CA certificate that has not previously undergone such process, regardless of when the unconstrained CA certificate was obtained. This includes CA operators with intermediate CAs that are currently trusted by Mozilla even though they do not have root CAs trusted by Mozilla (i.e. there is no "bootstrapping" or "grandfathering" for CA operators who have not previously undergone a public-review-and-discussion process by Mozilla).

https://github.com/BenWilson-Mozilla/pkipolicy/commit/8f534855555a00b9289f9f6b05158647b74ad3ab

We welcome your comments and suggestions.

Thanks,

Ben Wilson
Mozilla Root Program
