We understand that WoTrus (WoSign changed their name some months ago) are working towards a re-application to join the Mozilla Root Program. Richard Wang recently asked us to approve a particular auditor as being suitable to audit their operations.
In the WoSign Action Items bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1311824 Kathleen wrote "WoSign may apply for inclusion of new (replacement) root certificates[1] following Mozilla's normal root inclusion/change process[2] (minus waiting in the queue for the discussion), after they have completed all of the following action items, and no earlier than June 1, 2017." However, one step in the inclusion process is the public discussion, and we have some reason to believe that this may lead to significant objections being raised. It would not be reasonable to encourage WoSign to complete all the other steps in the process if there was little or no chance of them being approved in public discussion. So Kathleen and I thought it would be best to have a pre-discussion now, in order to make sure that expectations are set appropriately. If WoTrus had completed all the action items in the bug and arrived at the public discussion part of the application, what would people say? If you raise an objection, please say if there is any way at all that you think WoTrus could address your issue. Thanks for your input, Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy