David E. Ross wrote:
>
> Bug 413375 deals primarily (if not entirely) with certificates that have
> technical flaws.  The concern that is the basis of this thread is
> certificates whose CAs are behaving inappropriately.  Either bug 413375
> should be updated (including the summary) to expand its scope, or else a
> new bug report should be generated.
>   
Yes, so #3 deals briefly with certificates which are removed because of
the reasons we are discussing here. But you are right, it's more a 
policy for the NSS folks, what exactly to do under which circumstances.
> Further, I think a formal policy is required, not merely a guideline.
>   
OK
> The brief phrase in section 4 of the existing policy that I cited should
> be deleted from that policy.
Or simply refer to the "Removal Policy" or however we want to call that 
instead.
>   Instead, we should have a policy on
> approving certificates (the current policy) and a new policy on
> disapproving previously approved certificates.
>   
I think this to be a good idea.
> I prefer the idea of separate policies so that, when one aspect of
> overall certificate management policy is being updated, that does not
> open a discussion of other aspects.  Having a single comprehensive
> policy would generate a prolonged discussion and inhibit decisive
> action.  Having multiple policies (without overlaps) helps to focus on
> what needs to be modified.
>   
Agreed. Frank, I guess you must make a decision here on the approach, if,
when, how, etc. concerning this...

-- 
Regards 
 
Signer:         Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber:         [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]>
Blog:   Join the Revolution! <http://blog.startcom.org>
Phone:          +1.213.341.0390
 

_______________________________________________
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto