On 07/02/2017 20:49, David E. Ross wrote:
On 2/7/2017 11:15 AM, Jakob Bohm wrote:
Root certificates previously withdrawn for this purpose are encouraged
to report this fact to Mozilla by ???? and to maintain valid entries in
the CCADB for such roots, all for the benefit of organizations that
maintain or service software that are or interoperate with such older
software.
No. Root certificates do NOT report anything. The certification
authorities that own the root certificates do the reporting.
Confusing certificates with their owners propagates into confusion among
subscribers, developers, and users. This is also seen with "CA". That
acronym means "certification authority", but it is too often seen to
mean "root certificate".
Enforceable policies require that all terminology be accurate and
unambiguous.
Ok, prefix that last sentence by "Operators of" then.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
