"The Mozilla CA policy will not define/change CA policies and practices. No new audits are needed. Nothing will change in this respect."
Untrue. Currently the UI is the same for all SSL, no matter the quality. You are proposing to use the UI to differentiate between grades of SSL ... then you better be sure the cert quality matches up to the UI representation. If Moz is saying "this cert is X" then Moz needs to be sure it really is X. You can't leave the grading or the compliance up to the CAs. _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security