Frank Hecker wrote [in part]:
>
> In an earlier message I promised to create a "metapolicy" that would
> explain and clarify the philosophy behind the proposed CA certificate
> policy. Among other things, this will help guide me in creating the next
> version of the proposed policy, and some if not all of this material
> will also show up in the rationales section of the FAQ. (In the FAQ I'll
> probably just call this the philosophy behind the policy, after David
> Ross, but for now I can't resist the coolness factor of "metapolicy".)
[snipped]
> 18. Any decisions made related to a CA certificate being included in
> Mozilla should be publicized in a manner consistent with other matters
> of interest to Mozilla users, including matters relating to
> security-related bugs. Possible channels for this include the Mozilla
> release notes, special areas on the mozilla.org web site, and the like.

A specific Web page should be created for this information. For each CA certificate, the following information should be provided (using Hecker's broad definition of "Mozilla"):

* certificate name as seen in the Certificate Manager window
* link to the CA home page
* Mozilla version in which this certificate was added to the database
* a link to a Mozilla.org page from which this certificate may be imported into older Mozilla versions
* criteria used for approving the certificate for inclusion in the database
* the default purposes for which the certificate was included in the database

Further, if a certificate is removed from the database (per metapolicy #19), this Web page should indicate that fact so that certificates in older versions of Mozilla can be disabled or removed by their users.

--
David E. Ross
<http://www.rossde.com/>

I use Mozilla as my Web browser because I want a browser that complies with Web standards. See <http://www.mozilla.org/>.
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
