On 19/01/18 01:05, Jakob Bohm wrote:
> On 18/01/2018 11:01, Gervase Markham wrote:
>> On 17/01/18 19:49, Jakob Bohm wrote:
>>> 3. Major vertical CAs for high value business categories that issue
>>>    publicly trusted certificates at better than EV level integrity.  For
>>
>> How do you define "major"? And "high value business category"?
> 
> Major would be the biggest 1 to 3 of their kind, ignoring any covering
> only a small fraction of the relevant web site/e-mail population even if
> in the top 3.  Also any not doing this globally is not major.

I guess my question was ambiguous. Clearly it's very easy to come up
with arbitrary definitions for these things, but what's the rationale?
Why 1-3? Why not 1-8?

> High value business category would be a category where web users have an
> extremely high need for genuineness.  Banks/central payment systems
> would be the canonical example, with the VISA CA/SET combination as a
> possible historic example (noting that it looks like they don't
> currently qualify even if they did in the past).

You've just shifted the definitional problem to the words "extremely
high need for genuineness".

Providing examples of what you personally mean by these terms is not
sufficient to make a definition, unless the Mozilla policy becomes
"whatever Jakob Bohm decides".

Gerv
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
