On 17/01/18 19:14, Ryan Hurst wrote: > Since Google's PKI was mentioned as an example, I can publicly state > that the plan is for Google to utilize the Google Trust Services > infrastructure to satisfy its SSL certificate needs. While I can not > announce specific product roadmaps I can say that this includes the > issuance of certificates for Google offerings involving hosting of > products and services for customers.
This is an interesting situation because it points to an interesting ramification of a requirement which is anything like "issues certs to the public". We can compare large companies who happen to be in the cloud hosting business (e.g. Google, Amazon, Microsoft) with those that are not. The former category can pass a "issuing certs to the public" test and so qualify for inclusion, and can then use that same infra to issue their internal certs, or certs for their own public-facing domains and hostnames. A large company which happens not to be in the cloud hosting business cannot pass that test, and so has to use a 3rd party CA for their cert requirements. One could argue that deciding whether a large tech company gets the convenience of a self-hosted root based on whether they provide a particular service is not very fair. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
