Greetings all, I have created a survey <https://forms.gle/Ks3rbQxdkjETR7uJ7> (pasted below) to help shape the agenda for the round-table discussion scheduled for Friday, May 16, 2025.
The survey <https://forms.gle/Ks3rbQxdkjETR7uJ7> will help identify the topics you’re most interested in discussing. Please take a few minutes to review the list of potential topics and indicate your level of interest. Your input will help us prioritize the topics and ensure that the discussion is productive and relevant. You’re welcome to suggest additional topics at the bottom of the survey <https://forms.gle/Ks3rbQxdkjETR7uJ7>. I’ll share a draft agenda and event details here once I’ve reviewed the responses. Thanks, Ben *SURVEY* Respondent Information - Name (optional) - Organization (optional) - Email (optional) Mozilla Root Store Policy (MRSP) and Governance - Adding MRSP Issues in GitHub (Collecting and managing proposed policy changes using GitHub’s issue tracker for transparency and collaboration) - Gather suggestions for improvements to incorporate into MRSP v.3.1 (Soliciting input to shape the next version of the Mozilla Root Store Policy) - Triaging and prioritizing the MRSP Issues listed in GitHub (Deciding which proposed policy updates should be addressed first and how to resolve them) - Mozilla's compliance expectations for new MRSP v.3.0 requirements (Clarifying how CAs should interpret and comply with newly effective policy requirements) - Re-prioritization of Mozilla’s root store policy initiatives and general work conducted (Evaluating whether Mozilla's current focus areas still align with ecosystem needs) ------------------------------ Community Engagement and Communication - Improving community engagement during policy discussions (Exploring ways to increase participation and constructive input in dev-security-policy or GitHub threads) - Improving professionalism and civility and reducing friction during discussions (Establishing norms and tools that encourage respectful dialogue and reduce hostility) - Improving the clarity and effectiveness of dev-security-policy announcements (Making communications clearer and more actionable for stakeholders) ------------------------------ Mozilla CA Wiki and Documentation - Improving and updating information stored on the Mozilla CA wiki (Refreshing outdated content and improving the structure of CA guidance documentation) - Updating the Mozilla CA wiki’s list of recommended practices (Reviewing and expanding best-practice examples for CA operations and disclosures) - Updating the Mozilla CA wiki’s list of problematic practices (Clarifying behaviors that could result in compliance concerns or distrust discussions) ------------------------------ CA Compliance and Maturity - Improving the quality of CAs’ Certification Practice Statements (Identifying common CPS issues and helping CAs meet expectations more effectively) - Improving CA compliance posture, sophistication, i.e. the CA maturity model (Discussing tools and benchmarks to measure and raise the maturity of CA operations) - Challenges that CAs face (Gathering CA pain points or systemic barriers to compliance or improvement) ------------------------------ Root Inclusion and Incident Handling - Improving the speed and quality of Mozilla's root inclusion process (Exploring ways to streamline reviews and have public discussion while maintaining security and public transparency) - Improving Bugzilla's usefulness for tracking incidents and root inclusion requests (Considering structured fields, labels, and templates to make Bugzilla more useful and efficient) ------------------------------ CCADB Feedback - Gather feedback on CCADB usability, usefulness, and public reports (Collecting insights on how to improve the CCADB’s workflows, and reporting) ------------------------------ Certificate Lifecycle and Automation - Revising and improving revocation reason codes to match real-world revocation scenarios and to improve CRLite (Ensuring revocation codes better reflect root program needs and help optimize revocation checking) - Promoting and educating subscribers to help them implement automation of certificate lifecycle processes (Identifying ways to support and encourage automation among certificate users) Open Comments - Revisions / tweaks to topic(s) listed above - Additional topics to discuss - Interested in leading the discussion of one of the topics? And if so, which one(s)? On Wed, Apr 23, 2025 at 2:14 PM 'Ben Wilson' via [email protected] <[email protected]> wrote: > Hi Matt, > > Thanks for your feedback and for sharing your concerns. > > To clarify, this meeting is not intended to replace or diminish any of the > existing asynchronous channels for discussion about the Mozilla root > program, such as this list, Bugzilla, and GitHub. They all remain the > primary forums for open, transparent, and inclusive input regarding the > root program. The round-table discussion is meant only to supplement these > by specifically focusing attention toward improving the root program. > > While I understand, respect, and agree with your points that accessibility > and transparency are important, I plan to move forward, but I commit to > making the outcomes of the meeting available to the greatest extent > possible with notes and follow-up discussions here to ensure that all > interested parties can stay informed and contribute. > > Again, we appreciate your participation and involvement in our ongoing > discussions, in which your insights are always highly valued. > > Thanks again, > > Ben > > > > On Wednesday, April 9, 2025 at 5:09:23 PM UTC-6 Matt Palmer wrote: > >> On Mon, Apr 07, 2025 at 11:13:04AM -0600, 'Ben Wilson' via >> [email protected] wrote: >> > I’d like to announce that the Mozilla CA Program will hold a roundtable >> > discussion on Zoom to gather feedback and ideas to improve our root >> program. >> >> I would like to express my strong disapproval of this approach to >> discussing the Mozilla root program. It disadvantages those in >> timezones which do not align with the chosen one, and also anyone who is >> unable for whatever reason to be available at the specified time. >> Further, there is already far too many instances of (variations of) the >> phrase "that was discussed at the F2F" in various places, seemingly used >> in an attempt to shut down discussion, and the addition of the phrase >> "that was discussed in the Zoom" will not improve the situation. >> >> It would be far more inclusive for all discussion to take place on >> async-friendly mediums, in forms that are amenable to archiving and >> straightforward referencing. >> >> > The roundtable will be scheduled for 90 minutes >> >> [...] >> >> > The purpose of the meeting would be to engage in open, constructive >> > dialogue regarding: >> > >> > - Suggested improvements to the Mozilla Root Store Policy >> > - Updates or enhancements to CA-related wiki pages >> > - Efficiency and effectiveness during the root inclusion process or >> with >> > CA incident handling >> > - Clarity and consistency of Mozilla program communications >> > - Broader discussions re: paths forward for the Web PKI >> >> I could talk, single-handedly, for 90 minutes on each of those topics, >> and I'm not even particularly deeply involved in the minutiae of the >> WebPKI. >> >> - Matt >> >> -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/893fdc14-8032-4ac5-afd2-6fac96f8c93cn%40mozilla.org > <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/893fdc14-8032-4ac5-afd2-6fac96f8c93cn%40mozilla.org?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaYbXjGXyUpO2wchY8ws8m9xtam8angMnHrwkTR78XeqdQ%40mail.gmail.com.
