Peter, On Fri, Jan 19, 2018 at 10:06 AM, Peter Bowen via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> > What does Mozilla expect to be verified? We know the 10 methods allow > issuance where "the applicant has registered the domain(s) referenced in > the certificate or has been authorized by the domain registrant to act on > their behalf” is not true. > > Will you describe a few examples of this? I think the next step should be for Mozilla to clearly lay out the > requirements for CAs and then the validation methods can be compared to see > if they met the bar. > > Are you asking Mozilla to clarify these two potentially contradictory statements in our policy? Or something more? Thanks, Wayne _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
