Nelson B Bolyard wrote:
So, where's the official list of CA certs in mozilla?
Right now we don't have such an official list, other than what's in the source code itself. I've never had the time to go through the source and create a web page with a list of CAs, especially with the additional information I try to collect, like web site URLs, policy documents, links to WebTrust audit reports, URLs for CRLs and OCSP, etc.).
I'd welcome help from any who wishes to help generate such an official list. To help ease the task of updating the list, I'm thinking about putting it on wiki.mozilla.org, with some controls on who can edit the page (for obvious reasons).
There's also an issue of how best to keep and publish the data for the CA certificates themselves: publish them in-line within the list itself? have a separate page or pages for each CA's certs? put them on a separate system with appropriate MIME types to allow easy downloading and installation? and so on...
And where is the official list of certs not in mozilla (with reasons why)?
Again, there is no such official list. What would have to be done here is to go through Bugzilla looking for all bugs with product "mozilla.org" and component "CA certificates" and see how they were disposed. Note that in many cases CA requests were never officially denied but are just in limbo: the CA never got back to me to answer certain questions or issues, but I didn't resolve the bug as WONTFIX.
Because my current position leaves me with little time for CA-related activities, I'd really welcome help from volunteers who'd like to assist with the various aspects of evaluating CAs for inclusion, including filing bugs, collecting and publishing information about the CAs, starting threads in m.d.t.crypto to discuss particular requests, following up with CAs to get more information as needed, and so on. Over time I'd be happy to have someone else take over this task entirely as a sort of module owner, if/when they have a sufficiently good track record at doing it.
Frank -- Frank Hecker [EMAIL PROTECTED] _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
