Comment by teamhappy
11 years ago
I couldn't be happier about the news, the EFF and Mozilla always had a special place in my heart. However, the fact that we have to wait for our free certificates until the accompanying command line tool is ready for prime time seems unnecessary. Another thing I'm interested in is whether they provide advanced features like wildcard certificates. This is usually the kind of thing CA's charge somewhat significant amounts of money for.
The thing that's causing the delay is not the client software development, it's the need to create the CA infrastructure and then perform a WebTrust audit. If we were ready on the CA side to begin issuing certificates today, we would be issuing them today.
I think I may have misunderstood all of you. Is the audit process itself really that time consuming? I can imagine the amounts of bureaucracy involved, but I can't image this takes much longer than, say, a month or so. Most of the time is probably spent waiting for someone or something, right? I mean we're talking about very capable people here who have done this kind of thing before.
You are lucky to not have had to deal with corporate beuracracy - these things take time :-) At work I'm integrating an API for a mobile operator, it's apparently working and ready to be used however I've been waiting a couple of months to get all the documentation and everything setup.
Even once they have the CA it needs to be added to browsers which will take time. Taking into account release cycles of embedded devices (read phones where the manufacturer hasn't released an update), summer 2015 seems rather optimistic.
1 reply →
The CA is audited for six months. During this time frame, auditors collect info about the CA, and mainly what happens with it during the six months. Sometimes an auditor will issue a "readiness" statement to help the root get included before the audit closes, but it doesn't seem like they'll need that here.
I doubt the actual CA has been setup either. They're setting up their own root while cross signing from IdenTrust, that's not a one day activity. Auditors have to be present, software has to be designed and tested, etc.
It's true that this shouldn't be done in a day, but it's trivial compared to building a command line tool that automatically configures HTTP servers and designing an open protocol that issues and renews certificates. This is especially true if one of your partners is a CA.
---
Let me be clear here: I'm not complaining that I don't get my free cake now. I do think however that most people at the EFF and Mozilla would agree that we needed something like this a couple of years ago. In that context I think it's a least noteworthy that they decided to wait until other parts of the system are ready.
:-) It's technically easier but organizationally more difficult and time consuming.