All, I am considering tweaking the prioritization criteria for inclusion requests to prioritize applicants who have been previously approved as externally operated intermediate CAs (and that are then requesting direct inclusion).
So https://wiki.mozilla.org/CA/Prioritization would be updated. For example, "P1 = High (Applicant has good compliance history and is replacing an already-included CA certificate)" could become "P1 = High (Applicant has good compliance history and is replacing an already-included CA certificate or is previously approved as a subordinate CA operator)" "3 - Replacing Existing (Existing CA operators that are replacing an already-included root certificate) https://wiki.mozilla.org/CA/Certificate_Change_Process " could become "3 - Replacing Existing (Existing CA operators that are replacing an already-included root certificate, https://wiki.mozilla.org/CA/Certificate_Change_Process, or is a previously approved subordinate CA operator who is requesting direct inclusion) " I was also thinking that applications that only seek enablement of the email trust bit should be prioritized because the level of effort and due diligence to review those roots aren't as great as with those seeking enablement of the websites trust bit. I haven't developed language yet on how to prioritize SMIME-only roots. For instance, I might amend "5 - Single-Purpose, Separate Roots (Hierarchies that are separated by root for a particular purpose)" to address SMIME-only roots specifically. Thoughts? Ben -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaZJsfbiDo%3DKD90Rv_LwMOive5cFiMZC7%3DHVcaigkVTdqw%40mail.gmail.com.
