On Thu, Feb 17, 2022 at 2:52 PM Wayne Thayer <[email protected]> wrote:
> *You will recall participating in the discussion of this policy in 2021 > [2], at which time some similar ideas were suggested by others. I > acknowledge that Mozilla has the right to perform whatever due diligence > they deem appropriate to protect users; however, the decision to do so > should not be arbitrary. What you are proposing amounts to a retroactive > policy change.* > I'm not sure that it would amount to a retroactive policy change? Doesn't that conclusion assume that a positive dispensation should be automatically granted? >From that same policy document: > Following public discussion, the Mozilla CA Program Manager will determine > whether the subCA operator will be accepted, and update the corresponding > CCADB record to indicate the result. and > After a minimum of 3 weeks have passed, a Mozilla representative will > announce a one-week “last call” for objections. Mozilla may determine to > extend public discussion, or approve or reject the subCA operator. I'm suggesting that it would be prudent to either reject, or, alternatively, extend, public discussion until the two processes are in sync. I'm not trying to suggest GoDaddy has done anything wrong in starting this process; as you highlight, it's following the established policy. But I'm suggesting that given the lack of broader context at this time (e.g. the information gathering and review, the detailed CP/CPS assessment) may be sufficient reason to consider holding off accepting. And I did try to capture that if the decision is to accept the sub-CA, at this time, then it's functionally no different than accepting the root CA without those processes being completed. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAErg%3DHHXiw7ienF%2BJ%3D0wnka5nusYryZ7ZqqNkco8o8Sev1MQ5g%40mail.gmail.com.
