Hello, I am writing to seek clarification on the interpretation of the Mozilla Root Store Policy.
In reviewing the latest version, I noted that the explicit "Non-discrimination" clause, present in previous versions, has been removed. This change raises a question about the current standards for CA conduct under the policy. Specifically, this relates to Section 2.1, CA Operations, which requires CAs to operate under "published criteria that we deem acceptable".

To provide a concrete example, a Mozilla-trusted CA based in Poland recently denied my application for a standard S/MIME certificate. The sole reason provided for this refusal was my Belarusian nationality. This action was taken despite my status as a long-term legal resident of Poland. For clarity, I am not on any sanctions list, and the CA has no legal obligation to deny service on this basis.

Given the absence of the specific non-discrimination clause, my question is: How does Mozilla now assess the "acceptability" of a CA's operational criteria when it results in a categorical denial of service based on nationality, particularly when no legal requirements compel such a decision?

Thank you for your time and clarification.
