> Date: Tue, 08 Oct 2013 07:16:54 +0200
> From: Kaspar Brand <[email protected]>
> To: [email protected]
> Subject: Re: Netcraft blog, violations of CABF Baseline Requirements,
> any consequences?
> Fine. So in the case of Verizon, why does Mozilla not proceed with
> removing their EV enablement?
This sort of thing keeps coming up. There needs to be some action
Mozilla can take short of removing a cert from the distribution.
I suggest adding the capability to add a warning message to
each cert in the distribution. This warning message would
appear in an alert box raised whenever an out-of-policy cert
is used.
The content of the warning message should vary for each
problem, and might have a link to an explanatory page.
Mozilla's privacy officer should be consulted as to the
content of such messages.
John Nagle
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
