Mozilla

Chris Blizzard recently posted an interesting article “open source is a side effect” in which he discussed the problem of encouraging the growth of open source developer communities in India, and by implication in other countries outside the so-called “developed” world. This is a subject of interest to me in my Mozilla Foundation role, because I think one of the Foundation’s goals should be to help grow the Mozilla community, especially in countries where there aren’t currently a lot of Mozilla contributors. In general I think Chris comments are spot on, but I wanted to add a few comments of my own. ...

Back in August 2005, when the Mozilla Corporation was created, I began working for the Mozilla Foundation in a part-time capacity. I’m pleased to note that today is my first day working full-time for the Foundation. In my previous post on the reorganization I very briefly discussed my past involvement with the Mozilla project. I really don’t have much to add to those comments, except to say that I’m happy to be able to take on a more extensive role as executive director of the Mozilla Foundation and do what I can to help support the Mozilla project as it evolves. I have my own personal opinions on where and how the Foundation can make a difference, and in the future I’ll be blogging more concerning my own thoughts on this topic. However in the end what really matters is not what I think but rather what’s best for the Mozilla project and the people participating in it and affected by it; I’m in a key sense just serving as an intermediary between the Mozilla community and the Mozilla Foundation board of directors, trying to bring various perspectives to the board’s attention and helping to implement the board’s chosen strategies. ...

In my previous posts I announced adoption of the new Mozilla policy on CA certificates and discussed the CA market and possible roles for CAs. In this post I present some of my personal thoughts about how the SSL/TLS UI used in Firefox and related products might evolve, based on past discussions in the n.p.m.crypto and n.p.m.security newsgroups and conversations I’ve had at different times with various CAs and browser suppliers. Note that this post represents my personal opinions only. I personally don’t have any control over the SSL/TLS UI in Firefox or other Mozilla software; my role is limited to offering suggestions. Questions about or proposals for features in future releases of Firefox and other Mozilla-related software should be directed to the Firefox developers or the other project teams. ...

As I mentioned in my previous post about the new policy on CA certificates, one major issue is to what extent we should distinguish among the different types of certificates issued by different Certification Authorities, both in terms of the policy and also in terms of the SSL/TLS UI used in Firefox and other products. In today’s SSL/TLS certificate market CAs sell certificates with different claims as to the “assurance” of the certificate, but Firefox and other browsers have a “one UI fits all” approach, where any SSL/TLS connection to a web site receives the same UI treatment (the infamous padlock) regardless of how and to what extent the CA validates the holder of the site’s certificate. ...

Back in April 2005 I submitted a draft policy document to the Mozilla Foundation regarding how we determine which Certification Authorities (CAs) have root certificates included in Mozilla-based products distributed by the Foundation. Since that time a lot has happened; in particular the Mozilla Foundation reorganized to move its product development and distribution activities into the new Mozilla Corporation, and I took on a part-time position with the “new” Mozilla Foundation as Director of Policy. ...