On 1/10/18 10:52 AM, Doug Beattie wrote:
Thanks Kathleen. I only asked because you are trying to reduce the manpower for processing applications, and if a CA was already in the program there might not be a need to do as much. But on the other hand, this forces us to all comply with those pesky set of questions in "CA/Forbidden or Problematic Practices" that we've ignored and forces a formal review of the CPS.
Correct, the root inclusion/update process is this way on purpose, so that CAs have to evaluate their practices and documentation, and fix their problems with compliance to Mozilla's policy and the BRs.
Thanks, Kathleen _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy