At 9:00 PM +0200 1/13/09, Eddy Nigg wrote: >On 01/13/2009 05:23 PM, Paul Hoffman: >>>Useful yes, up to certain extend. If there is too much information in the >>>policy, it will start to be problematic. >> >>For whom? > >For Mozilla mostly.
We disagree here. I think it would be more problematic for Mozilla to be accused of having hard-to-find policy changes than to simply change the policy itself when needed. >>Most CAs run businesses where written policies are the norm. > >Mozilla is not a CA. I never said it was. I was talking about Mozilla's partners in the trust anchor pile, all of whom are CAs. >>Where did Frank say, or even hint, that? > >Discussions here. Feel free to correct me (or even better Frank could get >involved a bit more to clarify a few things) When you say that someone else said something, it is *your* responsibility to say where. "Here" is not a sufficient answer. Please point to a message. I say this because I have now (twice) re-read all of Frank's messages and I do not see him saying anything like you say he said. >Feel free to suggest and have it implemented otherwise. I have done so: Mozilla changes its inclusion policy, it informs everyone affected by the policy change, and gives them a period of time to start conforming. If a CA doesn't acknowledge that they conform, Mozilla pulls them from the trust anchor pile. >I was stating the implemented informal approaches as I know them. "Informal" is the operative word here. Many of us would prefer formal approaches. >It's all within the realm of the formal policy, ... that says "we will do things informally". >I did not suggest otherwise. I'm certain you can't point me to anything else >which would suggest otherwise either. Yes, I can. You said: "I think that not every bit and byte must be listed in the policy, but by-laws may exists to assist the intend of the policy." >It's also what I think to be the correct approach. But you are free to differ >and propose a different approach (perhaps one which would pull a root >overnight without notifying the CA even). I am suggesting exactly the opposite. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
