On Fri, Oct 14, 2016 at 3:44 PM, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote: > Ryan Sleevi <r...@sleevi.com> writes: > >>What is the goal of the root program? Should there be a higher bar for >>removing CAs than adding them? Does trust increase or decrease over time? > > Another thing I'd like to bring up is the absolute silence of the CAB forum > over all this. Apple have quietly unilaterally distrusted, Mozilla have > debated at length (three months now) and are taking action, but the regulatory > body that should be taking charge, the CAB forum, has (apparently) taken > absolutely no action.
The CA/Browser Forum is not a regulatory body. They publish guidelines but do not set requirements nor regulate compliance. The Forum does not require that members follow the Forum guidelines; it only requires that they are either a browser or CA operator following the basic WebTrust requirements or ETSI requirements. What action would you expect the Forum to be taking? Thanks, Peter _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy