Thanks Matthew, you make some excellent points. I will note that section
3.1.6 of Let's Encrypt's CPS states "While ISRG will comply with U.S. law
and associated legal orders,...". I am not a Lawyer, so I can only presume
that there is some legal provision for the situations you've described.
On
On Mon, Jan 14, 2019 at 5:45 PM Wayne Thayer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> > Am I wrong to expect US CAs to be monitoring OFAC sanctions lists?
> Otherwise they would risk violating the typical "comply with applicable
> law" stipulation in section 9 of
On Fri, Jan 11, 2019 at 11:51 AM Doug Beattie via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> A few of us have been discussing the usareally.com "issue" recently. In
> case you didn't know, the US Treasure put out a notice that US companies
> must not do business with
A few of us have been discussing the usareally.com "issue" recently. In
case you didn't know, the US Treasure put out a notice that US companies
must not do business with USA Really:
https://home.treasury.gov/news/press-releases/sm577
Let's Encrypt mapped that release to
4 matches
Mail list logo
