On Wed, Jan 17, 2018 at 7:46 AM, Tim Hollebeek <tim.holleb...@digicert.com> wrote:
> I support "encouraging" those who are currently using the public web PKI for
> internal uses to move to their own private PKIs. The current situation is an
> artifact of the old notion that there should be a global "One CA List to Rule
> Them All" owned by the operating system, and everyone should use that.
> That notion is a bit antiquated, in my mind. Applications and components
> that need a trust list really need to carefully select (or create!) an
> appropriate one instead of just grabbing the most convenient one.
>

I think this is a vote for the status quo, in which we have been accepting CAs that don't meet the guidance provided under 'who may apply'.

> I'm familiar with a few efforts in the financial space to transition away from
> browser trust lists for non-browser TLS, but as you can imagine, that's not a
> trivial effort and will take some time. My only request would be that if the
> rules are going to change, that large companies and entire industries that
> may be affected be given enough notice to be able to come up with
> reasonable transition plans.
>

Point taken. My immediate concern is for new applications, not with existing CAs.

> -Tim
>

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy