Yes, I know what happened but it´s not what the document says. Unless there´s another document, it seems to me that you haven´t acted according to what this page says. If I understand correcly, a should is a conditional and then it´s not a requirement. Furthermore there´s no indication on the consequences if you don´t do it, at least in this document. Maybe I´m missing some others, for sure, but i´d like to have the full picture.
Best regards Iñigo Barreira CEO StartCom CA Limited -----Original Message----- From: dev-security-policy [mailto:dev-security-policy-bounces+inigo=startcomca....@lists.mozilla.org] On Behalf Of Gervase Markham via dev-security-policy Sent: lunes, 13 de febrero de 2017 13:15 To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Public disclosure of root ownership transfers (was: Re: Google Trust Services roots) Hi Inigo. On 10/02/17 12:40, Inigo Barreira wrote: > I see many "should" in this link. Basically those indicating "should > notify Mozilla" and "should follow the physical relocation section". It may be that this document does need redoing in formal policy language. In the mean time, anyone uncertain about its meaning should ask Kathleen. > What does it happen if you don´t notify Mozilla? Well, this was a factor in our dis-trust of WoSign and StartCom, so I guess the answer is "we take it seriously" :-) Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
