On 24/12/08 03:16, Nelson B Bolyard wrote:
Ian G wrote, On 2008-12-23 05:58:
3. How to resolve a dispute. This is a Mozilla action&
responsibility. Reverse-engineering and referring, I would suggest this
as a teaser:
a. The CA certificate "module owner" at Mozilla foundation is
responsible. Ref, the policy, pt 15.
b. The dispute is investigated and ruled on by module owner.
For there to be a "CA certificate module owner", there would have to be
a "CA certificate Module". Presently, there is no such module. Maybe
there should be.
I was searching for the role, and found that term in the policy, I
think. Mentally, I call it "the CA desk" and sometimes use that term.
The earlier text had a term "CA Manager" which is a bit old-fashioned.
It's whatever it ends up being called, the point for me was "one person
at Mozo who knows this stuff, decides!"
As you probably know, Mozilla now has "code modules"
and "non code modules". I think the CA certificate module would be a
non-code module. Yeah, ultimately whatever certs are accepted by Mozilla
do get stored in NSS, but the NSS developers just abide with Mozilla's
decisions about that. There's only ever been one real disagreement
between Mozilla and NSS about root CA certs, and that was how the whole
process we have now got started. Since then, it's been smooth sailing.
I expect it will continue to be that for a long time.
Anyway, I would support the creation of a "CA certificate" non-code module.
OK.
To address Frank's comment:
>> 4. Finality. ... In the policy, it says "... mozilla.org staff..."
> There is no longer a "mozilla.org staff" ...
(In which case, a policy change will be needed one day.)
I would let my comment stand. The point here is that if the day-to-day
manager is disputed, an immediate next-desk-warmer isn't going to help
much. Go for the top, hand it to the ultimate responsible party, the
board. The need here is to send a serious signal, short circuit the
process, and avoid any additional layers of bureaucracy.
iang
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
