My point is this. The BUG TRACKING system is not a place for advocacy of any kind, on topic or off. It is a place for technical issues to be disucssed. If there was a technical problem with adding one of the proposed CA certs to the trust list, the bug would be the right place for it to be discussed, because the discussion would help the assignee of the bug to solve the technical problem. That's what the bug tracking system is for. NOT FOR ADVOCACY.
I think your use of the "technical" vs. "advocacy" dichotomy is somewhat misleading. Here is my personal opinion on which discussions should go where (assuming we have an official policy in place):
1. Bugzilla is clearly the proper place for discussions as to whether to include or not include a particular CA's certs, based on whether they conform to the requirements in the policy as defined.
2. The newsgroup is clearly the proper place for general discussions about the policy, issues that affect all CAs (e.g., whether or not to enable CRL checking by default), issues relating to a particular CA that are outside the scope of the policy (e.g., its sales practices, etc.), and issues relating to the browser's security model in general as it applies to SSL, S/MIME, and code signing.
If discussions of type 1 above start to evolve into discussions of type 2, then I or someone else can encourage people to continue discussions in the proper forum.
Frank
-- Frank Hecker [EMAIL PROTECTED] _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
