Hello,

The Mozilla root store policy should include a section that sets out time
limit periods in numbered stages for non-compliance CA discussions. That
way everything is fair, can't be disputed and everyone knows when the
discussion of the non-compliance CA will conclude. Then the decision from
the root store policy owners will proceed shortly afterwards to either
accept the remediation plan from the CA or proceed with the partial or
complete removal of the CA from the root store.

These time limits below should be ample time for the discussion to
take place between the CA, the community and the root store policy owners.

Stage 1 (Discussion Period: *1 Week*):

   - Official notification to all that an investigation regarding the
   non-compliance issues of the CA has started.
   - Requests for additional information, etc.

Stage 2 (Discussion Period: *4 Weeks*):

   - The CA produces a draft remediation plan.
   - The CA answers all questions from the root store policy owners and the
   community.
   - Requests for additional information, etc.

Stage 3 (Discussion Period: *2 Weeks*):

   - Discussion of the final remediation plan proposed by the CA.
   - Discussion of whether to partially distrust or fully distrust the CA.
   - Requests for any more additional information.

The decision by the root store policy owners.

Thank you

Burton
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
