Hi everyone, I’m really looking forward to our upcoming Mozilla CA Program roundtable discussion — it's happening next Friday, May 16th, and it will be a great opportunity to connect, share ideas, and discuss the Mozilla root program.
To make sure the agenda reflects your interests and priorities, I’d greatly appreciate your taking a few minutes to fill out the survey: https://forms.gle/Ks3rbQxdkjETR7uJ7. Even if you can’t attend the teleconference, your input via the survey will help shape what we focus on — and I’ll make meeting notes or a summary available afterward. Thanks in advance. Ben On Wed, Apr 23, 2025 at 4:24 PM Ben Wilson <[email protected]> wrote: > Greetings all, > > I have created a survey <https://forms.gle/Ks3rbQxdkjETR7uJ7> (pasted > below) to help shape the agenda for the round-table discussion scheduled > for Friday, May 16, 2025. > > The survey <https://forms.gle/Ks3rbQxdkjETR7uJ7> will help identify the > topics you’re most interested in discussing. > > Please take a few minutes to review the list of potential topics and > indicate your level of interest. Your input will help us prioritize the > topics and ensure that the discussion is productive and relevant. You’re > welcome to suggest additional topics at the bottom of the survey > <https://forms.gle/Ks3rbQxdkjETR7uJ7>. I’ll share a draft agenda and > event details here once I’ve reviewed the responses. > > Thanks, > > Ben > *SURVEY* > > Respondent Information > > - > > Name (optional) > > - > > Organization (optional) > > - > > Email (optional) > > Mozilla Root Store Policy (MRSP) and Governance > > > - > > Adding MRSP Issues in GitHub > (Collecting and managing proposed policy changes using GitHub’s issue > tracker for transparency and collaboration) > > - > > Gather suggestions for improvements to incorporate into MRSP v.3.1 > (Soliciting input to shape the next version of the Mozilla Root Store > Policy) > > - > > Triaging and prioritizing the MRSP Issues listed in GitHub > (Deciding which proposed policy updates should be addressed first and > how to resolve them) > > - > > Mozilla's compliance expectations for new MRSP v.3.0 requirements > (Clarifying how CAs should interpret and comply with newly effective > policy requirements) > > - > > Re-prioritization of Mozilla’s root store policy initiatives and > general work conducted > (Evaluating whether Mozilla's current focus areas still align with > ecosystem needs) > > > ------------------------------ > > Community Engagement and Communication > > - > > Improving community engagement during policy discussions > (Exploring ways to increase participation and constructive input in > dev-security-policy or GitHub threads) > > - > > Improving professionalism and civility and reducing friction during > discussions > (Establishing norms and tools that encourage respectful dialogue and > reduce hostility) > > - > > Improving the clarity and effectiveness of dev-security-policy > announcements > (Making communications clearer and more actionable for stakeholders) > > > ------------------------------ > > Mozilla CA Wiki and Documentation > > - > > Improving and updating information stored on the Mozilla CA wiki > (Refreshing outdated content and improving the structure of CA > guidance documentation) > > - > > Updating the Mozilla CA wiki’s list of recommended practices > (Reviewing and expanding best-practice examples for CA operations and > disclosures) > > - > > Updating the Mozilla CA wiki’s list of problematic practices > (Clarifying behaviors that could result in compliance concerns or > distrust discussions) > > > ------------------------------ > > CA Compliance and Maturity > > - > > Improving the quality of CAs’ Certification Practice Statements > (Identifying common CPS issues and helping CAs meet expectations more > effectively) > > - > > Improving CA compliance posture, sophistication, i.e. the CA maturity > model > (Discussing tools and benchmarks to measure and raise the maturity of > CA operations) > > - > > Challenges that CAs face > (Gathering CA pain points or systemic barriers to compliance or > improvement) > > > ------------------------------ > > Root Inclusion and Incident Handling > > - > > Improving the speed and quality of Mozilla's root inclusion process > (Exploring ways to streamline reviews and have public discussion while > maintaining security and public transparency) > > - > > Improving Bugzilla's usefulness for tracking incidents and root > inclusion requests > (Considering structured fields, labels, and templates to make Bugzilla > more useful and efficient) > > > ------------------------------ > > CCADB Feedback > > - > > Gather feedback on CCADB usability, usefulness, and public reports > (Collecting insights on how to improve the CCADB’s workflows, and > reporting) > > > ------------------------------ > > Certificate Lifecycle and Automation > > - > > Revising and improving revocation reason codes to match real-world > revocation scenarios and to improve CRLite > (Ensuring revocation codes better reflect root program needs and help > optimize revocation checking) > > - > > Promoting and educating subscribers to help them implement automation > of certificate lifecycle processes > (Identifying ways to support and encourage automation among > certificate users) > > > Open Comments > > - > > Revisions / tweaks to topic(s) listed above > - > > Additional topics to discuss > - > > Interested in leading the discussion of one of the topics? And if so, > which one(s)? > > > > On Wed, Apr 23, 2025 at 2:14 PM 'Ben Wilson' via > [email protected] <[email protected]> wrote: > >> Hi Matt, >> >> Thanks for your feedback and for sharing your concerns. >> >> To clarify, this meeting is not intended to replace or diminish any of >> the existing asynchronous channels for discussion about the Mozilla root >> program, such as this list, Bugzilla, and GitHub. They all remain the >> primary forums for open, transparent, and inclusive input regarding the >> root program. The round-table discussion is meant only to supplement these >> by specifically focusing attention toward improving the root program. >> >> While I understand, respect, and agree with your points that >> accessibility and transparency are important, I plan to move forward, but I >> commit to making the outcomes of the meeting available to the greatest >> extent possible with notes and follow-up discussions here to ensure that >> all interested parties can stay informed and contribute. >> >> Again, we appreciate your participation and involvement in our ongoing >> discussions, in which your insights are always highly valued. >> >> Thanks again, >> >> Ben >> >> >> >> On Wednesday, April 9, 2025 at 5:09:23 PM UTC-6 Matt Palmer wrote: >> >>> On Mon, Apr 07, 2025 at 11:13:04AM -0600, 'Ben Wilson' via >>> [email protected] wrote: >>> > I’d like to announce that the Mozilla CA Program will hold a >>> roundtable >>> > discussion on Zoom to gather feedback and ideas to improve our root >>> program. >>> >>> I would like to express my strong disapproval of this approach to >>> discussing the Mozilla root program. It disadvantages those in >>> timezones which do not align with the chosen one, and also anyone who is >>> unable for whatever reason to be available at the specified time. >>> Further, there is already far too many instances of (variations of) the >>> phrase "that was discussed at the F2F" in various places, seemingly used >>> in an attempt to shut down discussion, and the addition of the phrase >>> "that was discussed in the Zoom" will not improve the situation. >>> >>> It would be far more inclusive for all discussion to take place on >>> async-friendly mediums, in forms that are amenable to archiving and >>> straightforward referencing. >>> >>> > The roundtable will be scheduled for 90 minutes >>> >>> [...] >>> >>> > The purpose of the meeting would be to engage in open, constructive >>> > dialogue regarding: >>> > >>> > - Suggested improvements to the Mozilla Root Store Policy >>> > - Updates or enhancements to CA-related wiki pages >>> > - Efficiency and effectiveness during the root inclusion process or >>> with >>> > CA incident handling >>> > - Clarity and consistency of Mozilla program communications >>> > - Broader discussions re: paths forward for the Web PKI >>> >>> I could talk, single-handedly, for 90 minutes on each of those topics, >>> and I'm not even particularly deeply involved in the minutiae of the >>> WebPKI. >>> >>> - Matt >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "[email protected]" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion visit >> https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/893fdc14-8032-4ac5-afd2-6fac96f8c93cn%40mozilla.org >> <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/893fdc14-8032-4ac5-afd2-6fac96f8c93cn%40mozilla.org?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaYfgm7BdMyhAmw-eC0X2oSkHpKeMN1%2BGeE4LC1cqce%2B%2BQ%40mail.gmail.com.
