As promised in my previous message I managed to find some spare time and do a revised draft of the CA certificate policy and related documents; in particular we have the core policy proposal:
http://www.hecker.org/mozilla/ca-certificate-policy/
the proposed details of the policy and how it would be implemented:
http://www.hecker.org/mozilla/ca-certificate-faq/policy-details/
I just started to read this, and need to read it more tomorrow. One initial point. I think we're sending mixed signals to readers about where is the appropriatre place for them to add comments about individual CA applications.
I've been telling people to disucss it in the newsgroup, NOT in bugzilla. I believe bugzilla is NOT the place for general advocacy discussions. I believe the comments in bugzilla about a particular application should be limited to a) the sole champion of the CA b) the "module owner" of the certificates module c) any developers specifically tasked with doing the jobs of making source changes. d) mozilla foundation members.
IMO, we do NOT want any more bugs with hundreds of people on the cc list and hundreds of comments in them.
Yet your new policy details doc says:
"The module owner and other interested parties will discuss the
request in Bugzilla (not in the newsgroup and mailing list)."Maybe if you define "interested parties" to include only the folks I named above, I'd agree.
And finally, a big "I'm sorry" to all the CAs out there who've sent in requests thus far, requests which have gone unanswered and (in many cases) unacknowledged.
I have just one question about this. Are there any outstanding trusted CA applications that are NOT yet represented by bugs that are blocked by bug http://bugzilla.mozilla.org/show_bug.cgi?id=233453 ?
Do we know who all the current applicants are?
-- Nelson B
_______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
