On 22/11/17 17:03, Matthew Hardeman wrote: > approval in terms of community buy-in. The downside, of course, is that > while this alternative pre-discussion allows for discussion of the nebulous > concept of "trust" and integrity, it actually denies the community those > matters which can be most objectively evaluated -- the CPS, the subscriber > agreements, certificate policy, auditor's opinions, etc. (which makes > sense -- the development of these is pricey).
That's a fair point. Let us assume for the sake of discussion that all of those things are standard and unobjectionable in themselves. > I suppose, in summation, I believe this conversation only matters if we're > really trying to have a discussion about trust and defining trust and > importance of trust and whether there is a way that this CA can be trusted. Yes. I think that's a fair summary. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
