On Thu, Nov 20, 2014 at 6:22 AM, Richard Barnes <[email protected]> wrote: > I am from Mozilla, and the replies here are exactly right. From the > perspective of the Mozilla root CA program, Let's Encrypt will be treated as > any other applicant, should they choose to apply. No "immediate acceptance", > no "less audited" -- same audit requirements and application process as > everyone else.
I don't see the issue here. Comodo has been giving away certs for 8 years now. So have other CAs. Mozilla has known about that. It has never been raised as an issue at roll over. The issue with CACert wasn't that they were refused, they withdrew their application after they realized that they were never going to meet the audit criteria. The only different thing here is that this time there is a proposal for an automated enrollment protocol as well and presumably a commitment to implementing it. I have been calling for an automated enrollment protocol for quite a while. This is the one I wrote for PRISM-PROOF email: http://tools.ietf.org/html/draft-hallambaker-omnipublish-00 I was considering a wide range of scenarios ranging from EV certs to certs for the coffee pot. Paid, unpaid, strong validation, DV, etc. My model is subtly different but that was in part because I have worked with Stephen Farrell, the current Security AD on five different enrollment protocols over the years and I wanted to avoid the 'what again?' response. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
