> I am sure that MSFT carefully vets all CA additions.

Are you? Why? For Mozilla the vetting process takes place in public, that's one purpose of m.d.s.policy so we can see what is or is not done and draw our own conclusions. Each of the proprietary trust stores has an opaque process in which, unless you're a CA applicant, you don't even know what they're asking for, much less what (if anything) they do with it.

These are for-profit companies, and this is a cost centre. The cheapest possible thing they could do is piggyback entirely on the public Mozilla process (which of course for this CA would mean rejecting). The next cheapest option would be to allow senior management to override Mozilla's decisions for, you know, commercial reasons.

And yes, it would certainly be possible for them to have their own teams every bit as effective as the public process but entirely made up of employees and contractors. Weirdly though, although it's easy to run into people who worked for, say, the Windows OS team, or Xbox team, or Azure team, you don't run into ex-Microsoft opaque CA process people. One reason might be that they're all career professionals, never leave, never get downsized, maybe there are dozens of them. But the more likely reason is they do not exist.