I believe you’ve still implied, even in this reply, that this is something serious or important. I see no reason to believe that is the case, and I wasn’t sure if there was anything more than a “Here’s a SHOULD and here’s people not doing it,” which doesn’t seem that useful to me.
On Fri, May 22, 2020 at 2:52 PM Hanno Böck <ha...@hboeck.de> wrote: > Hi, > > On Fri, 22 May 2020 09:55:22 -0400 > Ryan Sleevi via dev-security-policy > <dev-security-policy@lists.mozilla.org> wrote: > > > Could you please cite more specifically what you believe is wrong > > here? This is only a SHOULD level requirement. > > I think I said that more or less: > > > > I'm not going to file individual reports for the CAs. Based on > > > previous threads I don't believe these are strictly speaking rule > > > violations. > > I'm not claiming this is a severe issue or anything people should be > worried about. > It's merely that while analyzing some stuff I observed that AIA fields > aren't as reliable as one might want (see also previous mails) and the > mime types are one more observation I made where things aren't what they > probably SHOULD be. > I thought I'd share this observation with the community. > > -- > Hanno Böck > https://hboeck.de/ > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy