On Thu, November 5, 2015 12:51 pm, Charles Reiss wrote: > My impression is that Mozilla need not be explicitly notified of new > subCAs; the > disclosure may take the form of an update on the CA's website (perhaps > even just > a new version of the CPS). If so, this would seem to make it difficult for > Mozilla or others to monitor adherence to this policy.
This is merely temporary; the transition to Salesforce will see CAs entering in / disclosing their subordinates. Some CAs are already trying this method and providing feedback / working through kinks, but ultimately, the goal is to ensure this information is reliably and consistently provided. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy