On Friday, 14 October 2016 02:21:36 UTC+1, Matt Palmer wrote: > Will there be any requirements around the qualification status of the logs, > or could anyone who wanted to be "nice" just stand up a log, and have these > CAs obtain precerts from them?
I don't think Mozilla has declared any specific requirements, but presumably they would expect to choose the same or similar criteria as Google's Chrome which you're already aware of but I'll link for anybody else https://www.chromium.org/Home/chromium-security/certificate-transparency/log-policy For the immediate purpose here (allowing broad oversight over what the new CA is issuing) some of these criteria are less important, e.g. the >99% uptime may be less important because oversight would be done via a monitor, but Mozilla intends to add SCT-checking to Firefox, at which point all the criteria will be important. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy