I realize ekr is no longer part of Mozilla, but I am wondering on your thoughts on his previous dislike for CT? https://educatedguesswork.org/posts/transparency-part-2/
How did you overcome his criticisms? Did Mozilla just accept the CT shortcomings? I like CT personally, but I found his criticisms interesting and wanted to hear more about any discussion/decisions related to them. Congrats as well! On Tue, Feb 4, 2025 at 2:51 PM 'Jan Schaumann' via [email protected] <[email protected]> wrote: > Dana Keeler <[email protected]> wrote: > > > Could you clarify how this applies to custom CAs? > > > > For CAs that are not part of Mozilla's Root CA program (in other words, > CAs > > that are not built-ins shipped with Firefox), no certificate transparency > > information is required (in other words, for your custom CA, no action > > should be needed). > > The use of policies to exempt internal certificates or domains applies to > > situations where a publicly-trusted CA was used to issue certificates for > > domains that are intended to be internal to an organization. > > Thanks, that makes it clear. > > -Jan > > -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/Z6KL1PP89G61L92e%40netmeister.org > . > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAFK%3DoS8FWvYwaaDQw%3DThgrmU50KeOWotAONJ45fv4VC7ANT%3DJA%40mail.gmail.com.
