On Mon, Mar 13, 2023 at 2:35 PM Kathleen Wilson <[email protected]> wrote:
> All, > > As per Mozilla's root inclusion process I need to make a decision about > approving or denying this root inclusion request from the Beijing CA. > The following pages document that you own the program: https://wiki.mozilla.org/CA/Policy_Participants Kathleen Wilson Owner of the Mozilla CA Certificates Module; posting in an official capacity. https://wiki.mozilla.org/SecurityEngineering Mozilla's CA Certificate Program (Program Manager: Kathleen Wilson) But to clarify, you have the final and sole authority for Mozilla to approve/disapprove root certificate inclusions in Mozilla? According to: https://wiki.mozilla.org/CA/Application_Process === Following public discussion, a representative of Mozilla will post on the Mozilla dev-security-policy list and indicate Mozilla's intent to either approve or reject the inclusion request. === So to confirm: this all rests on you, and not a group? What happens if you get hit by a bus or take a sabbatical? Who is next in line to make these decisions? Is this documented publicly? I can't find any document or web page that documents this or explains it. > In my opinion, the Beijing CA has successfully completed our root > inclusion process and demonstrated compliance with all of our rules and > policies. Therefore, my inclination is to approve this request. > > There has been one item holding up my approval, which is the concerns > raised by contributors to this forum that the One Pass software might be > malware. I have been unable to find evidence to convince myself that the > One Pass software is malware, so I would like to ask those of you who have > raised such concerns... > > Is there something specifically that you have observed that One Pass does > that disrupts or damages the user's system or gains unauthorized access? > > If I continue to be unable to obtain reasonable suspicion > <https://www.merriam-webster.com/legal/reasonable%20suspicion> that One > Pass is malware, then I will proceed with approving this CA's root > inclusion request this week. > > Thanks, > Kathleen > > > -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/a703dcde-67e5-4fc0-b036-1be8fa01038dn%40mozilla.org > <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/a703dcde-67e5-4fc0-b036-1be8fa01038dn%40mozilla.org?utm_medium=email&utm_source=footer> > . > -- Kurt Seifried (He/Him) [email protected] -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CABqVa3995SG3C_ddtnkRamsJVr%3DcAyV1m4nDFBYFf0OwErqrtg%40mail.gmail.com.
