Hi Kurt, As we work on enhancements to the Mozilla Root Store Policy, those changes or suggestions get logged in GitHub as issues. https://github.com/mozilla/pkipolicy/issues They can get discussed there in GitHub. Then, they are triaged and labeled for future releases. E.g. https://github.com/mozilla/pkipolicy/labels/2.8.1. Then the issues or potential changes are discussed in batch-form on this list, where I prefer discussion takes place once I announce a discussion of the issue number. I flag issue number and the future release's version number in the subject line. See https://groups.google.com/a/mozilla.org/g/dev-security-policy/search?q=subject%3A%222.8.1 Ben
On Thu, Jan 19, 2023 at 5:13 PM Kurt Seifried <[email protected]> wrote: > Where does discussion/creation of this policy take place? > > Also specific feedback: > > RFC2119, instead of SHALL use MUST, it's more declarative and you don't > have to read the RFC to realize SHALL == MUST: > > 1. MUST This word, or the terms "REQUIRED" or "SHALL", mean that the > definition is an absolute requirement of the specification. > > With respect to adding the public@ list as required reading, there's no > mention of signing up and issues around the anti-spam measures now. It > might be worth noting that CA's SHOULD use their domain to make matching up > the email to the company easier, but they can also use @gmail.com or > whatever, and in this case they may need to take additional steps to prove > they are acting on behalf of the CA they claim to be. > > Also the (wiki page? I can't find the link right now) of the list of > people and who they represent (if any) for the mailing list, is that > something the CA's should be filling out? > > > > On Thu, Jan 19, 2023 at 4:04 PM Ben Wilson <[email protected]> wrote: > >> All, >> >> We are nearing the point where we will finalize version 2.8.1 of the >> Mozilla Root Store Policy. Here is a GitHub comparison containing the >> proposed changes: >> >> >> https://github.com/mozilla/pkipolicy/compare/e30d031a375927a3e0eadddf2fece4b2488f9c1e..f634a41671fe1319b1449a9ffe253449b380fcf9 >> >> Please provide any final comments. >> >> Thanks, >> >> Ben >> >> -- >> You received this message because you are subscribed to the Google Groups >> "[email protected]" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtab5QC5V1f%2BQHmpkPQ7B_7%3DY1E6OK6YMnOTbVzorcUSjyA%40mail.gmail.com >> <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtab5QC5V1f%2BQHmpkPQ7B_7%3DY1E6OK6YMnOTbVzorcUSjyA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > > > -- > Kurt Seifried (He/Him) > [email protected] > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaYZ%3DpwPXiHfNv93yPWOJ%3DCq9fSUeFkSisOR4yYVgDxsng%40mail.gmail.com.
