On Sun, Jun 23, 2019 at 11:52 AM Cynthia Revström via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> My view is a bit different, we have lots of CAs already, I think it is more > important to be extra secure rather than to take unnecessary risks. > A position like this is not unreasonable, but it would open up other questions. Taken to its logical conclusion, if we have lots of CAs and believe security risks arise from new additions, why would we ever add a new one again? Or at least, what becomes the criteria for getting past that risk and to adding a new one? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy