Q: Kathleen who?
Kathleen Wilson works for the Mozilla Corporation, and manages our queue of incoming certificate authority requests. She coordinates the information we need from the CAs, shepherds them through our public review process and, if approved, files the bugs to get them into the product.
Q: Holy crap! One person does all of that? Is she superhuman?
It has been proven by science. She is 14% unobtainium by volume.
Q: That’s really awesome, but I am a terrible, cynical person and require ever-greater feats of amazing to maintain any kind of excitement.
She came in to a root program with a long backlog and sparse contact information, and has reduced the backlog, completely updated our contact information, and is now collecting updated audit information for every CA, to be renewed yearly.
Q: Hot damn! She’s like some kind of awesome meta-factory that just produces new factories which each, in turn, produce awesome!
I know, right? She has also now removed several CAs that have grown inactive, or for which up to date audits cannot be found. They’ll be gone as of Firefox 3.6.7. They’re already gone on trunk.
Q: Wait, what?
Yeah – you can check out the bug if you like. I’m not positive, but I think this might represent one of the first times that multiple trust anchors have ever been removed from a shipping browser. It’s almost certainly the largest such removal.
Q: I don’t know what to say. Kathleen completes Mozilla. It is inconceivable to me that there could be anything more!
Inconceivable, yes. And yet:
- She’s also made what I believe to be the first comprehensive listing of our root, with signature algorithms, moduli, expiry dates, &c.
- In her spare time, she’s coordinating with the CAs in our root program around the retirement of the MD5 hash algorithm, which should be a good practice run for the retirement of 1024-bit RSA (and eventually, in the moderately distant but forseeable future, SHA-1).
- She has invented a device that turns teenage angst into arable land suitable for agriculture.
Fully 2 of the above statements are true!
Q: All I can do is whimper.
Not true! You can also help! Kathleen ensures that every CA in our program undergoes a public review period where others can pick apart their policy statements or issuing practices and ensure that we are making the best decisions in terms of who to trust, and she’d love you to be a part of that.
- subscribe to the mozilla.dev.security.policy usenet group
- or the mailing list version
- or the google group clone
Q: I’ll do it! Thanks!
No, thank you. That wasn’t a question.