The way I see it, this is a clear violation of the Mozilla CA Certificate 
Maintenance Policy!
If such a violation has no consequence at all for the CA, what example would 
that be?
Wouldn't it encourage all CAs to ignore the policy in the future?
I see it this way:
StartSSL violates the policy, so it HAS to be removed!
One can then argue about changing the policy, and re-add StartSSL if they 
comply with (a maybe changed) policy!

But until the policy is changed, every CA violating it has to be removed! No 
discussions!

This is just my opinion, of course!
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
