On 02/10/2009 03:23 AM, Nelson B Bolyard:
While I do not wish in any way to question or reduce the value of
Kathleen's evaluation, I wonder if it is right for us to allow CA
applications to be approved in the absence of any real public discussion.
In the complete absence of any discussion, positive or negative, does it
seem right to allow CAs to go into the list by default? Should we have a
quorum requirement, of some sort, requiring pasticipation by at least N
members before allowing approval?
It bothers me that a CA might get into the list simply because no one
(besides Kathleen) had (or took) the time to seriously evaluation the
application. This seems especially problematic given that it appears
to be nigh unto impossible to remove a CA from the list.
This is an interesting question. The last two years have proven that
additional reviews had quite some consequences. Personally I'm doing my
best to review every request, however there can't be any guaranty that I
or anybody else can do so always. I think however that your suggestion
has some valid ground. I would support a review requirement by the
community of at least two individuals which independently review the CA.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
