Paul Hoffman wrote:
At 12:11 AM +0100 1/4/09, Jan Schejbal wrote:
Why is this relevant to this mailing list?
Because there was a security failure in one of the Firefox trusted CAs allowing
anyone to get fake certificates. This event and the reaction of the CA are
important to determine if the CA is (still) trustworthy. It's the same as the
Commodo thing. Just with a way better reaction and without the dodgy background
of dozens of resellers doing (or, in at least one case, not doing) the Domain
Verification.
Sorry, but I don't see that listed as a topic for discussion on the mailing list's
information page <https://lists.mozilla.org/listinfo/dev-tech-crypto>.
I propose that Mozilla form a new mailing list, dev-policy-trustanchors. The
topics for that list would include:
- All new trust anchors being added to the Mozilla trust anchor pile
- Proposals for changes to the Mozilla trust anchor policy
- Complaints about particular participants in the current trust anchor pile
- Discussion of the UI aspects of the PKI in various Mozilla software
I would be in favor of having a separate group/list to discuss the first
3 above issues.
Regarding UI, it's a bit less clear where the discussion of that
belongs. I think given that developer questions are usually lower
traffic, maybe it's OK to have the UI and developer questions remain
together in one single list.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
