On Thu, Apr 12, 2018 at 12:03 PM, Wayne Thayer <wtha...@mozilla.com> wrote: > > > I agree with this, but the current approach taken by CAs is defined in the > BRs, so pointing fingers at individual CAs is not the solution. Based on > this argument, the requirement to revoke when a certificate contains > misleading information should be removed from the BRs. >
And that would seem like a really perverse outcome. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy