Judges must follow the law to the letter and must not let personal feelings influence their decision. The same rules apply to CAs. Every company who passes the EV guidelines has the right to have an EV cert and CAs must be impartial even if that cert might cause harm. If the CA doesn't like it then file a ballot on the CAB Forum.
James Burton On Fri, Apr 13, 2018 at 10:23 PM, Ryan Sleevi via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Fri, Apr 13, 2018 at 5:15 PM, Matthew Hardeman via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > > I only named Let's Encrypt as an example of a CA that maintains a > scrubbing > > "blacklist". In their case, it appears to require exact match to a label > > including TLD and TLD+1. I was kind of surprised that they didn't just > > take all the high value domain names as to the TLD+1 field and decline > all > > combinations of (0...n_labels.)HIGH_VALUE_TLD+1.ANY_TLD_HERE, but I'm > sure > > there's a reasonable case either way. > > > > Reading the DNS policy discussions (over the past two decades) provides an > adequately ample understanding of the problems with, and complexities of, > such a naieve policy. The discussion around 'sunrise' and 'early > registration' periods for TLDs, or the UDRP, should be mandatory > comprehension for anyone arguing in favor of "popularity contests" or "big > domain holders > small domain holders" or "trademark holders > free speech" > or... well, the list goes on with the bad ideas proposed here that have > been roundly rejected by civil society and technologists regarding the > administration of the DNS :) > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
