On 03/25/2015 12:54 AM, Erwann Abalea wrote: > See also Mozilla CA Policy, > https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/, > point 10. > This unconstrained sub-CA MUST have been audited and disclosed to Mozilla > *before* it was able to issue certificates.
Thank you - I was waiting for someone to finally say this. This is a bit like Trustwave - "what, it's an industry practice?" Ralph _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
