Sent from my iPhone. Please excuse brevity. > On May 23, 2015, at 02:22, Eric Mill <e...@konklone.com> wrote: > > On Fri, May 22, 2015 at 7:24 PM, Ryan Sleevi < > ryan-mozdevsecpol...@sleevi.com> wrote: > >>> On Fri, May 22, 2015 3:11 pm, Eric Mill wrote: >>> On Fri, May 22, 2015 at 5:15 PM, Kathleen Wilson <kwil...@mozilla.com> >>> wrote: >>> >>>>> On 4/7/15 5:31 PM, Richard Barnes wrote: >>>>> >>>>> >>>>> 5. April 1, 2016 is the earliest date at which CNNIC may apply for >> full >>>> inclusion, so SSL certificates issued after Apr 1 2015 for new domains >>>> will >>>> be recognized. >>> >>> Do you mean "will *not* be recognized"? >> >> Fair question. Either answer could work, although "will not be recognized" >> would be more work and more inconsistent, historically. > > Well, I think I just misunderstood the phrasing? I thought that Kathleen > was pointing out that since they won't be able to make it back into the > trust store until at least mid-2016, their certs they issue since their > inclusion won't be recognized for the near future, so I thought it was a > typo. > > Using your message as context, I now read Kathleen's original statement as: > >> 5. April 1, 2016 is the earliest date at which CNNIC may apply for full > inclusion, so [that maybe eventually their] SSL certificates issued after > Apr 1 2015 for new domains will be recognized [retroactively once they are > accepted]. > > Which makes more sense.
That matches my thinking. That is: -- Before their re-application request is decided one way or another, their certs are processed under the current rules. Simply reapplying does not trigger any change. -- If the re-application request is denied, then they will be fully removed, and even certs currently accepted will be rejected. -- If they are accepted, then we will have to decide what to do about the corpus of certs issued in the interim. But that seems like a topic for the re-application thread, not this thread about prerequisites. For purposes of this thread, I think we just need to strike the text that has everyone confused, leaving us with: 5. April 1, 2016 is the earliest date at which CNNIC may apply for full inclusion > > -- Eric > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy