On 15/11/16 05:39, Ryan Sleevi wrote:
> I think it'd be useful to resolve the questions I asked on this thread
> - 
> https://groups.google.com/d/msg/mozilla.dev.security.policy/ZMUjQ6xHrDA/ySofsF_PAgAJ
> - to figure out what Mozilla expects/wants of TCSCs with respect to
> the BRs, as that seems like it would significantly affect how you want
> CT to play or not play in that role.

I think the answer to that question is that in general, TCSCs need to
adhere to the BRs but there may be some bits we don't need them to
adhere to. We should clarify our policy on this point.

https://github.com/mozilla/pkipolicy/issues/36

> As Andrew Ayer points out, currently, CAs are required to ensure TCSCs
> comply with the BRs. Non-compliance is misissuance. Does Mozilla share
> that view? And is Mozilla willing to surrender the ability to detect
> misissuance, in favor of something which clearly doesn't address the
> use cases for redaction identified in the CA/Browser Forum and in the
> IETF?

I certainly think our view of redaction will be driven by use cases.
AIUI, you are strongly encouraging use cases to be brought to the IETF.
However, if 6962bis is in Last Call, and won't be updated, is the TRANS
group still listening to and accumulating use cases for redaction?

Gerv

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
