On Tue, March 24, 2015 3:27 pm, Kai Engert wrote: > Couldn't you get an intermediate that's constrained to the list of > domains that Google controls?
And this was the part that has been repeatedly discussed on this list and in the CA/Browser Forum, and which the answer for Google (and for a large number of holders of intermediate CAs), "no". I don't mean to be dismissive, but this is certainly not the first - or the fifth - time this has come up. Without digging through the archives to point you to specific messages, I think if you look during the past discussions of "Technical Constraints" you can see why the dual-policy (constrained || disclosed & audited) was adopted. I don't think adopting a single-policy (constrained) addresses any of the concerns raised then and that still apply now. Cheers _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
