Frank Hecker wrote: > As it happens, I will be starting the first public comment period for > T-Systems today.
That really is good news! > We are doing what we can. However by design we do not simply > "rubber-stamp" CA requests. We have an official policy which was > developed through a process of community consultation, and we follow a > similar process of community discussion when considering CAs. We do have > more people now working on CA-related tasks (unlike previously when I > was the only person, and could do it only part-time). However the > process will never be quick IMO. I don't want you to wave through every request you receive. I think a thorough inspection of every applicant is a good thing. But if you look at it from the user experience side of things: The warning you get for a certificate that is not trusted is really annoying. An EV certificate that goes back to a root that is not EV enabled is not a problem for the user experience. So I think it's more important to get new CAs in than to enable old ones for EV. But that's just my 2 cents. Thorsten _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
