> Not Kathleen here, but it seems to make sense to me, for the same reason > Item 3 makes sense. That is, in Item 3, Apple's deployed a policy, and > there's > a question about if/when Mozilla should do the same. Item 4 seems similar - > 4.1 is a Microsoft requirement, 4.2 is an existing Mozilla implementation > requirement (and RFC 5280 requirement), 4.3 is moving a CCADB SHOULD to > a MUST, and 4.4 is a Microsoft requirement.
I agree that the intent of item 3 is clear, given the previous discussion on the topic [1]. However, there is no corresponding discussion on the Mozilla list (nor any Github issues [2]) for item 4 and the associated sub-items, which is why I asked for clarification on intent. Thanks, Corey [1] https://groups.google.com/d/msg/mozilla.dev.security.policy/mz1buYdIy-I/oo9zHBADAQAJ [2] https://github.com/mozilla/pkipolicy/issues
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy