Frank Hecker wrote: > The present Mozila policy and its application in practice essentially are > attempts > to find a middle way; like all compromises, these attempts by nature > will annoy almost everyone and satisfy almost no one. (And I count myelf > among those annoyed and not satisfied.) > I believe that the Mozilla CA policy reflects your pragmatic view on the subject (almost obvious? ;-) )...
But I also believe that _because_ of that, Mozilla shouldn't have the _need_ to compromise further than that. Meaning, if you want to have CAs improve their practices when needed, you must have also a stick in your hand, not only a carrot. If you want CAs take you (Mozilla) serious, we must all take the policy serious in first place. I believe that there is a line which must be drawn somewhere....I for my part would really like to know, where this line is, what are the do's and what are the dont's. > I can't speak for other people, but in this case > (WISeKey) I think it would be useful to have a little more information > about what's going on with regard to these customer-hosted CAs, without > necessarily thinking that that information is going to radically change > my view of the situation one way or another. I'm not sure if we need more information, because the information provided is sufficient enough. We need a decision if their practices in this specific case are sufficient to satisfy the Mozilla policy or if the risk is perhaps too high. I believe that WISeKey should be persuaded to change that practice and I sincerely believe that if they agree to it, they actually commit and stick to it. I've found ,that they are knowing very well what they are doing and what they aren't doing. So there is no issue of honesty or lack of information, but about what they are prepared to do for their products. > I'll look again through the > information WISeKey has provided already (which is a fair amount), and > then ask a few more questions if needed. > > -- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
