Hi, I haven't had anyone ask about the proposed effective date of this version 2.8.1. I don't see any new requirements that would require lead time for CAs to implement. I should be ready to post this final version within the next two weeks. Does anyone see why an effective date couldn't be February 15, 2023? Thanks, Ben
On Fri, Jan 20, 2023 at 12:57 PM Ben Wilson <bwil...@mozilla.com> wrote: > Hi Kurt, > As we work on enhancements to the Mozilla Root Store Policy, those changes > or suggestions get logged in GitHub as issues. > https://github.com/mozilla/pkipolicy/issues They can get discussed there > in GitHub. Then, they are triaged and labeled for future releases. E.g. > https://github.com/mozilla/pkipolicy/labels/2.8.1. Then the issues or > potential changes are discussed in batch-form on this list, where I prefer > discussion takes place once I announce a discussion of the issue number. I > flag issue number and the future release's version number in the subject > line. See > https://groups.google.com/a/mozilla.org/g/dev-security-policy/search?q=subject%3A%222.8.1 > Ben > > On Thu, Jan 19, 2023 at 5:13 PM Kurt Seifried <k...@seifried.org> wrote: > >> Where does discussion/creation of this policy take place? >> >> Also specific feedback: >> >> RFC2119, instead of SHALL use MUST, it's more declarative and you don't >> have to read the RFC to realize SHALL == MUST: >> >> 1. MUST This word, or the terms "REQUIRED" or "SHALL", mean that the >> definition is an absolute requirement of the specification. >> >> With respect to adding the public@ list as required reading, there's no >> mention of signing up and issues around the anti-spam measures now. It >> might be worth noting that CA's SHOULD use their domain to make matching up >> the email to the company easier, but they can also use @gmail.com or >> whatever, and in this case they may need to take additional steps to prove >> they are acting on behalf of the CA they claim to be. >> >> Also the (wiki page? I can't find the link right now) of the list of >> people and who they represent (if any) for the mailing list, is that >> something the CA's should be filling out? >> >> >> >> On Thu, Jan 19, 2023 at 4:04 PM Ben Wilson <bwil...@mozilla.com> wrote: >> >>> All, >>> >>> We are nearing the point where we will finalize version 2.8.1 of the >>> Mozilla Root Store Policy. Here is a GitHub comparison containing the >>> proposed changes: >>> >>> >>> https://github.com/mozilla/pkipolicy/compare/e30d031a375927a3e0eadddf2fece4b2488f9c1e..f634a41671fe1319b1449a9ffe253449b380fcf9 >>> >>> Please provide any final comments. >>> >>> Thanks, >>> >>> Ben >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "dev-security-policy@mozilla.org" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to dev-security-policy+unsubscr...@mozilla.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtab5QC5V1f%2BQHmpkPQ7B_7%3DY1E6OK6YMnOTbVzorcUSjyA%40mail.gmail.com >>> <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtab5QC5V1f%2BQHmpkPQ7B_7%3DY1E6OK6YMnOTbVzorcUSjyA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> >> >> -- >> Kurt Seifried (He/Him) >> k...@seifried.org >> > -- You received this message because you are subscribed to the Google Groups "dev-security-policy@mozilla.org" group. To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-policy+unsubscr...@mozilla.org. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaZFG4h1zqq6iSU%3DtM9k9t0nh5ehBV9TXh5dhd9FN-mK%2Bw%40mail.gmail.com.
