pascal chevrel wrote, on 2008-05-22 13:01 PDT: > Eddy Nigg (StartCom Ltd.) a écrit :
>> http://wiki.mozilla.org/CA:Root_Certificate_Requests > > This page was created in March, they provided all the data in February > based on the scarse documentation we could point them too. You can't > blame them for not following guidelines that didn't exist, especially if > you haven't informed them personally of a process change after they > provided the requested information. Pascal, The requirements did not change in March. The requirements have been the same for a very long time. The creation of the template page in March was in response to the fact that quite a few CAs apparently did not attempt to fulfill the published requirements when making their applications. The template page now serves as a convenient and succinct way to tell CAs what they must provide. It is ANOTHER way of stating the existing requirements, not a new or changed requirement. > FNMT has emailed gerv asking if they should open a separate bug or not > asking if we needed more information and if they were following the > right process. They didn't get any response that's why I attached the > files they had sent to the bug. Gerv doesn't work on this any more. The person assigned to administering the process changes from time to time. There is an email address for the administration that does not change when the assignment changes. That email address ([EMAIL PROTECTED]) is published, together with the requirements, in http://www.mozilla.org/projects/security/certs/policy/ That email address is the only address that has been published for this purpose since Mozilla's CA cert policy first went into effect years ago. > I understand that there is a long backlog, that everybody is busy and > that other CA are much more active on bugzilla than FNMT , but saying > that they did it incorrectly while we had no clear process to follow and > ignored their email is not correct, we definitely have our own wrongs on > this issue (and probably other CAs). They won't get a yes/no answer until they have supplied all the requisite information in the bug. > Fact is that a bug is open, that FNMT has contacted Mozilla Foundation > directly both by email According to your report, they contacted a private person formerly responsible for administering the policy, not Mozilla Foundation. > and in the bug, they provided the information we were asking They did? That information was supplied in comment 8 by a third party, namely you. Are you an official representative of FNMT? If not, then I suggest that you step back, and make it clear to FNMT that they must communicate with Mozilla directly in the bug. Again, that is not a new requirement. Mozilla has enforced that policy for years. > and are waiting for us to get back to them with a yes or no > answer. I suspect that YOU set their expectation in this matter. I suggest that YOU should reset their expectations to be in line with Mozilla's policy. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
