Hi Mike,

On Thu, 12 Jun 2025, Mike Shaver wrote:
> And to borrow an old turn of phrase, if the penalty for a violation is a fine, then the law only applies to poor CAs.
I clearly agree that would be an issue when it comes to BR violations, but I am not suggesting for CAs to be able to opt out of them in such a fashion. My curiosity only covers optional, additional commitments a CA might award Relying Parties through their CP/CPS.
And in that scenario, I fail to see how transparently communicated commitments alongside the incentive structure of the CA to follow them would create a dynamic subject to your concern.
Is the concern that "rich" CAs would voluntarily commit to additional limitations, only to then violate them as some part of a "weird flex"? If not that, what is it?
Tobi
