On Wed, Apr 1, 2026 at 11:08 AM Nico Williams <[email protected]> wrote:
> I don't see how the IAB, IESG, or IETF can possibly accept the program's > policy change Why do those groups have to "accept" the change? Do they commonly review or require changes to browser root programs (including the Microsoft and Apple ones which are aligned with the change to clientAuth issuance from included roots)? I've been quite involved in WebPKI discussions and I've never previously heard about IETF or related approval being required or even appropriate for those programs' policies. Are there other elements of the policies that you think should be subject to IETF approval? Mike
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
