Frank Hecker: > > (Of course you or > anyone else could have been doing review prior to that, based on the > information in the bug.) >
I don't think it to be very useful and efficient to start a review prior to the "information complete state" and have the CA confirmed by you for public discussion. Bugs can hang in there for long periods sometimes and except if I have a special interest in the bug I usually don't interfere or even attempt to find any shortcomings, since the process hasn't been concluded yet. When you usually submit the CA to the comments period and as you also mention in the message to the list, the CA has entered the last stage and from your point of view met all requirements of the Mozilla CA policy. Now it's up to the community to review your assessments and point out eventual problems with the particular CA. That's how I understand the process. Now, as you know very well by yourself, merely reading through the most important information, starting from the pending page, bug entry, CA policies and practice statements and audit reports, depending on the complexity of the CA, it can take a considerable amount of time. Having 3-4 CAs in the comments period is beyond the time I can allot for this purpose and I'm not aware of anybody else performing the "duties" of the community... (Besides that, I know that some other members of the NSS team actually count on me to regularly make those reviews). I just wanted to make you aware of it and perhaps schedule comment periods accordingly so that this part of the process doesn't suffer because of that. For now I'll make use of your offer should I need any more time... -- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: [EMAIL PROTECTED] Blog: https://blog.startcom.org _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
