Sure, happy to take a look. I think Ryan H. makes some good points and I'm not entirely opposed to acquisitions or transfers. My standpoint is that when a transfer is to take place, can we be sure that the right things do happen instead of leaving things to chance? It's the age old problem of encouraging the good and preventing the bad.
Original Message From: Gervase Markham Sent: Tuesday, April 25, 2017 4:28 AM To: Peter Kurrasch; mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Criticism of Google Re: Google Trust Services roots Hi Peter, On 25/04/17 02:10, Peter Kurrasch wrote: > Fair enough. I propose the following for consideration: As it happens, I have been working on encoding: https://wiki.mozilla.org/CA:RootTransferPolicy into our policy. A sneak preview first draft is here: https://github.com/mozilla/pkipolicy/compare/issue-57 Would you be kind enough to review that and see if it addresses your points and, if not, suggest how it might change and why? I can see the value of a "definition of intention" and the choosing of a category, as long as we are careful to make sure the categories do not preclude operations that we would like to see occur. As Ryan Hurst notes, there is potentially significant value to the ecosystem in root transfers. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy