On 07/08/2017 23:05, Vincent Lynch wrote:
Jakob,
I don't see what is wrong with Jonathan reporting these issues. The authors
and ratifiers of the BRs made the choice to specify these small details.
While a minor encoding error is certainly not as alarming as say, issuing
an md5 signed certificate, it is still an error and is worth reporting.
I believe it is decidedly off-topic to debate what BR violations are worth
reporting.
If you think certain BR rules are outdated or sub-par, I am sure the
community would welcome that discussion but it should be its own thread.
Since the CT made it possible, I have seen an increasing obsession with
enforcing every little detail of the BRs, things that would not only
have gone unnoticed, but also been considered unremarkable before CT.
Do we really want the CA community to be filled with bureaucratic
enforcement of harsh punishments for every slight misstep? This is the
important question that any organization (in this case this community)
needs to ask itself whenever new surveillance abilities make it possible
to catch microscopic infractions.
Do we want to be the kind of place where people are punished for not
polishing their boots perfectly or having a picture of their wife on
their desk? (To mention other rules that some organizations have
overzealously enforced a long time ago).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
