On Sun, Mar 4, 2018 at 4:04 PM, Eric Mill via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> So, what would useful next steps be to improve security and accountability > for resellers? > It depends - do you view resellers as the user's delegated agent - that is, much like one might contract out IT services or janitorial services - or do you view them as the CA's agent - outsourced marketing and technical support? Answering this question seems key to understanding what, if any, meaningful reforms can be offered. And I would not look to the discounts offered resellers as a way of arguing that they are the CA's agent, since CA's regularly offer discounts to customers who purchase in bulk. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
