(Not speaking for my employer.) Is this actually a problem that needs attention? How many certs, pre-Microsoft(*), have been revoked due to CPS errors? Is it even six figures?
Maybe this energy would be better directed towards things like greater audit transparency, which might actually improve the security of the web. (*) Microsoft is in the millions but they’re going to just let most of them expire instead of actually doing the revocation—shh! I don’t think we’re supposed to notice that! Mike -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CADQzZquRR76E0uCGNu-vckfzQs2kJkBb_R7R83r8o37f-Qs%3DPQ%40mail.gmail.com.
