Mark Hobbs wrote:
This is not easy stuff especially if a global standard is required.
It occurs to me that this process should be repeated for every country. This is the impracticality of the "one true root list" writ large; but that's where we're at.
I recall that the policy and root list setting is just for the default distribution, and not for any customised distribution.
So, is there a German distribution? And could that distro team/list be charged with handling the German CAs?
Even as a first step, one could suggest that the way to get into the root list would be via the country distro. First step, get on the country list, and then proceed with promotion to the global default root list.
Or something like that ... just brainstorming here, obviously that sort of process sucks, but so does does the current process. It's already clear that even if Frank were working full time on this issue, he'd still be a bottleneck ... the way the CA concept was originally pushed by the architects, every country was to pass DSA style laws, so every country needs to be Due Diligenced to whatever standard MF can come up with.
(Thankfully, a lot of countries backed off from the heavyweight model and passed "digsig-is-a-sig" model laws only so we aren't dealing with the 200+ countries here.)
iang
_______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
