On Thursday, April 20, 2017 at 4:03:36 PM UTC+3, Gervase Markham wrote: > Mozilla also doesn't believe that it's the job of CAs to police phishing
CAs should police as long as the browser gives positive reinforcement to the end-users when they access a [phishing] site. There were suggestions in the past to remove the 'green lock' for DV/OV certificates. Once this is done, I believe CAs that generates those certs can stop "policing". _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy