Ian G wrote: > Well, not financially, more like the policy side is impacted by the > CAs, which are coordinated in a confidential industry body called > CABForum. This body communicates internally to Mozilla (being a > member) and via private comment by CAs to the CA desk.
AFAIK, the CABForum has a very limited influence on Mozilla's CA inclusion policy and all of our CA policy discussions are public: http://groups.google.com/group/mozilla.dev.security.policy/topics?pli=1 > The chances of them approving or agreeing to EKE are next to nil. > The problem with Mozilla security > coding is more this: most (all?) of the programmers who work in that > area are all employees of the big software providers. And they all > have a vested interest in working for the status quo, all are opposed > to any change. * https://wiki.mozilla.org/Identity/Features/Verified_Email_Service https://wiki.mozilla.org/Identity/Verified_Email_Protocol * https://wiki.mozilla.org/Security/DNSSEC-TLS https://bugzilla.mozilla.org/show_bug.cgi?id=589537 * http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg10018.html https://bugzilla.mozilla.org/show_bug.cgi?id=532127 https://bugzilla.mozilla.org/show_bug.cgi?id=405155 https://bugzilla.mozilla.org/show_bug.cgi?id=356855 * http://www.usenix.org/events/sec11/tech/ SSL/TLS Certificates: Threat or Menace? Moderator: Eric Rescorla, RTFM, Inc. Panelists: Adam Langley, Google; Brian Smith, Mozilla; Stephen Schultze, Princeton University; Steve Kent, BBN Technologies Cheers, Brian _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography