On 18/10/16 15:42, Ryan Hurst wrote: > I do not understand the desire to require StartCom / WoSign to not > utilize their own logs as part of the associated quorum policy.
My original logic was that it could be seen that the log owner is trustworthy. However, you are right that CT does not require this. If the consensus of the group is that it's OK for StartCom/WoSign to run their own CT servers for the 2nd log, we can drop that part of the requirement. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy