Perhaps it should be the broader question of both issuance policy and revocation?
For example, guidelines denote what issuance is permissible but nowhere in the BR policies (or in any of the root programs as far as I'm aware) is an affirmative obligation to issue to those meeting the qualifications specified. On Thu, Apr 12, 2018 at 3:46 PM, Wayne Thayer via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Eric raised an issue distinct from 'the value of EV' that I think is > important: Can certificate revocation be used as a form of censorship? As > HTTPS becomes the default state of the web, it becomes more important to > consider this issue and what should be done about it. I plan to discuss > this with others at Mozilla, and I welcome more discussion here on the > topic (perhaps in a new thread). > > - Wayne > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
