+1 on removal, that paragraph doesn't square with current ideas about what's problematic in the WebPKI; as you've noted wildcards and DV are really orthogonal concerns.
Alex On Thu, Apr 20, 2017 at 9:02 AM, Gervase Markham via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > There is an entry on Mozilla's Potentially Problematic CA Practices list > for Wildcard DV certs: > https://wiki.mozilla.org/CA:Problematic_Practices# > Wildcard_DV_SSL_Certificates > > This text was added by Frank Hecker when this page was very new back in > 2008, and has been basically unchanged since then: > https://wiki.mozilla.org/index.php?title=CA:Problematic_Practices&diff= > 92109&oldid=92084 > > I don't believe the issuance of wildcard DV certs is problematic in > practice. Mozilla is of the view that ubiquitous SSL is the highest > priority for the Web PKI, and wildcard certs are a part of that. Mozilla > also doesn't believe that it's the job of CAs to police phishing, which > is the concern raised. > > I propose this section be removed from the document. > > Gerv > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
