(Back from errand...)

Frank Hecker wrote:
> Is your concern that the CPS is dated after the audit? First, feel free 
> to ask in the bug what changes were made between the audit and the date 
> of publication of the 1.0 CPS. (I'll do it as well if you don't do it 
> first.)

Don't bother, I already asked the question in bug 407168.

> I have been putting a priority on evaluating EV requests vs. non-EV 
> requests. These are not new requests (they were made soon after I 
> solicited EV-related requests) but I only recently started work on them 
> and solicited any remaining information to fill out the pending list. In 
> the meantime I worked on a few other EV requests from CAs that don't 
> have dominant market share.

To add a couple points to this: In general I don't have any formal 
system for prioritizing CA requests. Beyond prioritizing EV requests as 
I've been doing recently, I typically handle requests based on the 
relative ease of handling them (i.e., some requests are more 
straightforward than others in terms of what's requested, what 
information is available, related issues, etc.), and also based on how well 
CAs can embarrass me into looking at requests I've neglected for reasons 
of time or otherwise. My level of embarrassment is generally unrelated 
to the CA's market share; to mangle a metaphor, the squeaky wheels get 
the grease, but the loudness of the squeak is more important than the 
size of the wheel.

In this case GeoTrust is getting attention because I'm prioritizing EV 
requests, not because I'm playing favorites with VeriSign-owned CAs. If 
the latter were the case then I'd be rushing to approve VeriSign's ECC 
roots (bugs 409235 and 408236, and maybe one or two others); goodness 
knows I've had enough VeriSign people lobbying both publicly and 
privately to get these in for Firefox 3 launch. However it's not going 
to happen; I'll look at them once I get done with the EV roots and clear 
out other backlogged requests.

The bottom line is that if the various EV requests, both VeriSign and 
non-VeriSign, look OK and don't have material issues that would affect 
approval, then I'm going to do my best to try to get them through the 
process in time for them to make Firefox 3.0. I'm not going to hold up a 
request purely to prove a point about our willingness to stand up to 
large CAs.

Frank

-- 
Frank Hecker
[EMAIL PROTECTED]
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
