On Fri, May 1, 2020 at 12:48 PM Corey Bonnell via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > > Hi Kathleen, > Thank you for sending out this notification of the draft survey. I have > briefly reviewed and would like to ask what is the intent of Item 4 and the > associated sub-items? The Browser Alignment draft ballot is under discussion > in the CAB Forum, so the intent behind the shift of the location of discourse > to the Mozilla forum is unclear.
Not Kathleen here, but it seems to make sense to me, for the same reason Item 3 makes sense. That is, in Item 3, Apple's deployed a policy, and there's a question about if/when Mozilla should do the same. Item 4 seems similar - 4.1 is a Microsoft requirement, 4.2 is an existing Mozilla implementation requirement (and RFC 5280 requirement), 4.3 is moving a CCADB SHOULD to a MUST, and 4.4 is a Microsoft requirement. Discussion in the CA/Browser Forum is very useful, although to date, no CA has raised any concerns or discussion despite the multiple attempts to get feedback, so it's also useful to have a CA communication that can encourage feedback, both as Mozilla looks at possibly adding them to policy (similar to the longstanding requirements in Microsoft's policy) as well as the CA/B Forum looks at adding them to the BRs. How would/should Mozilla gather feedback about potential changes to its Policies, directly or indirectly (e.g. the BRs), if not a CA communication? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
