Even though the discussion period has ended, Mozilla will continue to consider factual information that is submitted as comments here: https://bugzilla.mozilla.org/show_bug.cgi?id=1325532
Your concern about "without comment and then get approved" may stem from a misunderstanding of Mozilla's process, as documented here: https://wiki.mozilla.org/CA/Application_Verification A lack of comments indicates that the community is satisfied with the review that was performed on the inclusion request. Finally it seems that your concerns with this request have to do with browser vendors also operating CAs? If so, I think that is a topic that is much broader than this inclusion request. Google already operates as a CA via cross-signing, as do Microsoft and Apple. On Mon, Sep 17, 2018 at 8:29 AM jtness--- via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > I am disappointed I didn't see this before the three week comment period, > because this is an incredible disaster. Mozilla is seriously considering > permitting a company with a completely unilateral ability to shut other > Root CAs down (via their market share over Chrome and Android, and that the > CAB has no legal authority to countermand their decisions on what CAs they > trust), to then also be a competitor to these companies which it can > unilaterally remove from the market? This is the sort of world-ending crud > that shouldn't pass through a random Google Group without comment and then > get approved. > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
