This opens up a bait and switch. Secret information may be provided to Mozilla that will be supressed and unavailable to the public. In the event of a dispute, this information may be relevent to the public party, but will be unknown to them. I'd recommend that all information provided be deemed public, non-proprietary, and publishable by Mozilla.
That's a good point; I will definitely consider revising this language along the lines you suggest.
If they are asking for users to trust them in effect (by getting inclusion) shouldn't security in general (maybe not specifically) about their security procedures be as open and allow the public at large to know what they really are trusting...
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
