Apart from the concerns others have already raised, I am bothered by the 
wording of one of the Dark Matter commitments, which says that "TLS certs 
intended for public trust" will be logged. What does public trust mean? Does 
it include certificates intended only for use within their country? Those 
intended to be used only on a small, privately-specified set of recipients?

Perhaps a better way to phrase my question is: what certs would DM issue that 
would *not* be subject to their CT logging SOP?

Is there any other trusted root that has made a similar exemption?
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy