On 10/2/09 02:23, Nelson B Bolyard wrote:
I'd post this in the policy working group, if that was operational ... :(
I also don't like this discussion about waiting for some perfect A-list of tech. We've got the NNTP thing, we've got the ordinary mail, what are we waiting on now? google-phone? twitter?
On to your important question. My views would fall on the "against change" side for now.
While I do not wish in any way to question or reduce the value of Kathleen's evaluation, I wonder if it is right for us to allow CA applications to be approved in the absence of any real public discussion.
According to the policy, yes it is right. Point 1, 2.
In the complete absence of any discussion, positive or negative, does it seem right to allow CAs to go into the list by default? Should we have a quorum requirement, of some sort, requiring pasticipation by at least N members before allowing approval?
That old Churchill comment: Democracy is a terrible system, but it beats the next best system hands down ... or was it, Democracy is 3 wolves and a sheep, voting on who to have for dinner :)
More seriously ... democracy works when there is a fight for limited resources. Firstly, there is no limited resource here; the root list can be as long as a list.
Secondly, we have to worry about the quality of the fight. On the one side, if there is to be a fight, we can be sure that the CA will muster the friends it needs to carry on the fight. So numbers won't be an issue for them. Nor "independence" nor "seriousness". And if they don't, then it is because they are stupid or honest, and we aren't in the game of punishing people for being stupid or honest.
On the other side, we have a group of people who might comment, "independently" and another group of people who might have a bone to pick, a fight for the sake of the fight, or a hobby horse. You might recall that (some?) political parties now routinely pay people to fill up blog postings with positive/negative remarks.
What we lack is any incentive for people to take on the independent role in what passes as a sustainable economic effort.
It bothers me that a CA might get into the list simply because no one (besides Kathleen) had (or took) the time to seriously evaluation the application.
I think -- personal & likely biased opinion only -- you might get more value by looking inside the foundation and asking them to expand the resources available on the CA desk. Their job is to be independent, and so far, that's worked out, more or less.
(FTR, I've already written off-list emails to them on this subject. I know some changes have been made, and it takes time.)
This seems especially problematic given that it appears to be nigh unto impossible to remove a CA from the list.
Yup, no matter how much work you put into the first application, we need a "corrective" after-the-fact measure. All non-brittle systems need some measure of fixing.
iang -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
