On 23/03/17 23:07, Kathleen Wilson wrote: > Second paragraph of Action 1 now says: ~~ Note that version 1.4.2 of > the BRs does not contain all 10 of these methods, but it does contain > section 3.2.2.4.11, "Other Methods", so the subsections of version > 3.2.2.4 that are marked "Reserved" in version 1.4.2 of the BRs are > still BR-compliant under version 1.4.2. By Mozilla policy, CAs are > not permitted to rely on the "Other Methods" section to use methods > of domain validation that are not among the 10 listed in section > 3.2.2.4 of version 1.4.1 of the BRs. Mozilla expects that all of the > methods for doing domain validation that are missing in version 1.4.2 > of the BRs will be restored to a forthcoming version of the BRs, so > we will once again be able to accept all of the methods of domain > validation listed in the latest version of the BRs. ~~
That's not quite it, because the first bit is still confusing (my fault), and the last para suggests we currently don't accept all methods listed, which we do. Can we try the following? Note that version 1.4.2 of the BRs does not contain all 10 of these methods, but it does contain section 3.2.2.4.11, "Other Methods", so the methods that were removed in version 1.4.2 of the BRs are still BR-compliant under that version. By Mozilla policy, CAs are not permitted to rely on the "Other Methods" section to use methods of domain validation that are not among the 10 listed in section 3.2.2.4 of version 1.4.1 of the BRs. As the IPR issues relating to these missing methods have now been resolved, Mozilla expects that they will soon be restored. Once they are, our policy will once again become that "we accept all of the methods of domain validation explicitly listed in the latest version of the BRs". Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy