Ryan Sleevi <[email protected]> wrote: > On Thu, October 15, 2015 12:30 pm, Kathleen Wilson wrote: > > It was previously suggested[1] that we align Mozilla's CA Certificate > > Policy to RFC 3647, so CAs can compare their CP/CPS side-by-side with > > Mozilla's policy, as well as the BRs and audit criteria (such as the > > forthcoming ETSI 319 411 series). > > Kathleen, > > I remain incredibly dubious and skeptical of the proposed value, and thus > somewhat opposed. Though I've been a big proponent of adopting the 3647 > format for the CA/Browser Forum documents, I don't believe that root store > requirements naturally fit into that form, nor should they.
I agree with Ryan. The organization of Mozilla's policy is good. The technical requirements need to be improved. We should focus on improving the technical requirements, not the organization. Cheers, Brian -- https://briansmith.org/ _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
