On 6/2/2017 3:28 AM, Gervase Markham wrote: > The scope of the BRs is ambiguous, and almost certainly smaller than the > scope of the Mozilla policy. It might be useful to explicitly draw > attention to that fact, for the avoidance of doubt. > > Proposal: add a bullet to section 2.3, where we define BR exceptions: > > "Insofar as the Baseline Requirements attempt to define their own scope, > the scope of this policy (section 1.1) overrides that. Mozilla expects > CA operations relating to issuance of all SSL certificates in the scope > of this policy to conform to the Baseline Requirements." > > This is: https://github.com/mozilla/pkipolicy/issues/72 > > ------- > > This is a proposed update to Mozilla's root store policy for version > 2.5. Please keep discussion in this group rather than on Github. Silence > is consent. > > Policy 2.4.1 (current version): > https://github.com/mozilla/pkipolicy/blob/2.4.1/rootstore/policy.md > Update process: > https://wiki.mozilla.org/CA:CertPolicyUpdates >
Consider: While the Mozilla policy requires compliance with the Baseline Requirements, this policy has a broader scope by levying additional requirements on certification authorities. -- David E. Ross <http://www.rossde.com> Consider: * Most state mandate that drivers have liability insurance. * Employers are mandated to have worker's compensation insurance. * If you live in a flood zone, flood insurance is mandatory. * If your home has a mortgage, fire insurance is mandatory. Why then is mandatory health insurance so bad?? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy