Nelson Bolyard wrote:
> I wanted, but did not find, a summary table.  So I made one, using bugzilla.
> I took the status information in the pending page and updated the
> individual bugzilla bugs with it.  For every CA listed on the pending page
> whose request bug is still open, I updated it with the status from the
> pending page.  I also changed the bug summaries of (nearly all) those bugs
> to have a similar concise syntax, so one can see at a glance which CA is
> the subject of the bug, and whether the request is for EV, or not.

And incidentally, we all owe Nelson thanks for doing this (just as we 
owe Gerv thanks for setting up the original pending page on 
www.mozilla.org). Thank you Nelson!

> 1) When I look at the bugzilla bug list of open root CA requests, at
>> https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&product=mozilla.org&component=CA+Certificates&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_severity=enhancement&chfieldfrom=2004-04-01&chfieldto=Now&chfield=%5BBug+creation%5D&cmdtype=doit
> 
> I now immediately see the status information of every bug.  To do that,
> I view these columns: ID, (Date) Opened, Whiteboard, Full Summary.
> The whiteboard column now shows the status info.

Hmmm, when I use that URL I don't see a whiteboard column. Am I doing 
something wrong?

> 5) I think there are still some discrepancies.  For example, the Pending
> page says that bug 335197 "Add KISA root CA Certificate" is in "public
> discussion" state, but after studying the bug, I conclude that it is NOT
> yet in that state.  Frank's most recent comment suggests he has more
> review to do on it.  I think the "Information Probably Complete" state
> is more accurate for that request.

Actually, KISA indeed entered the public discussion stage, in the sense 
that I gave preliminary approval. What happened then was that Eddy and I 
think others raised a number of issues, and I haven't gone back to do a 
final evaluation in light of the new material provided by KISA and 
others. That's on my list to do. (WISeKey is in this same situation as 
well.)

> I think it's safe to say that the backlog of root CA requests will not
> have been entirely cleared by the time FF3 ships.

That is entirely correct.

> I think Mozilla desires to maximize the number of issued certs that will be
> recognized as valid by FF3 when it ships, in order to minimize the number
> of complaints from FF3 users about their favorite site's certs being
> unrecognized.  I think that has led to an approximate ordering of the
> requests from biggest (most certs issued) to smallest (least certs issued),
> and from requests that take the least time to evaluate to those that take
> the most time to evaluate.

It's not quite as logical as that, as noted in my previous message. In 
several cases I've taken smaller CAs' requests first if they looked 
clean and I could evaluate them relatively quickly.

> It appears to me that each request to add a new cert (or certs) for a CA
> whose certs are not already in the list takes roughly the same amount of
> time to evaluate, whether that CA serves tens of certs or thousands of
> certs.

Correct.

> It appears to me that the requests to give EV approval to certs
> already in FF's root list take much less time to evaluate than requests
> for certs not yet included in the list.

Correct in general.

> If I'm right that Mozilla has chosen to order the requests in decreasing
> order by number of certs issued (or equivalently, https server market share)
> I think it would be good for Mozilla to publish that fact.

As previously noted, you're assuming more logic here than there actually 
is; I don't look as much at market share as might be justifiable.

Frank

-- 
Frank Hecker
[EMAIL PROTECTED]
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
