On Wed, Jan 17, 2018 at 11:49 AM, Jakob Bohm via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > 4. Selected company CAs for a handful of too-bit-to-ignore companies > that refuse to use a true public CA. This would currently probably > be Microsoft, Amazon and Google. These should be admitted only on > a temporary basis to pressure such companies to use generally trusted > independent CAs.
Jakob, Can you please explain how you define "true public CA"? How long should new CAs have to meet this criteria? I don't like carve outs for "too-big-to-ignore". Thanks, Peter _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
