On Thu, Dec 27, 2018 at 11:12 AM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

> Yes, you are consistently mischaracterizing everything I post.
>
> My question was a refinement of the original question to the one case
> where the alternative in the original question (configuring the browser
> to trust a non-default PKI) would not be meaningful.
>

I hope you can understand my confusion, as again, you've provided a
statement, but not an actual question.

Peter provided two, fairly simple to understand, very direct questions:

> Is the expectation that "publicly trusted certificates" should only be used
> by customers who for servers that are:
> - meant to be accessed with a Mozilla web browser, and
> - publicly accessible on the Internet (meaning the DNS name is publicly
> resolvable to a public IP), and
> - committed to complying with a 24-hour (wall time) response time
> certificate replacement upon demand by Mozilla?



> Is the recommendation from Mozilla that customers who want to allow Mozilla
> browsers to access sites but do not want to meet one or both of the other
> two use the Firefox policies for Certificates (
> https://github.com/mozilla/policy-templates/blob/master/README.md#certificates
> ) to add a new CA to the browser?


You presented a question as:

> Is the recommendation that customers should not use publicly
> trusted certificates for servers that are meant to be accessed by the
> general public using a Mozilla web browser unless they are committed
> to complying with a 24-hour (wall time) response time certificate
> replacement upon demand by Mozilla?


It would appear that it is merely a rephrasing of that first question, but
as a negative question ("should not") rather than Peter's original positive
question ("should only").

Could you help me understand what's different about Peter's first question
and your question? It's very clear you have opinions as to the second
question, but it still seems as if you're merely asking the first question,
but in a way that provides less information. If there's something new or
unique to the question, rephrasing your question may make it clearer. Doing
so without expressing a particular opinion on what the answer should be
seems like an even more positive step forward.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy