On 19/05/15 13:14, Kurt Roeckx wrote: > On 2015-05-14 17:25, Gervase Markham wrote: >> CAs currently in Mozilla's program which may fit one or more definitions >> of "government CA" are: > > It might be a little out of scope of your question, but maybe we should > agree on what we think the (government) CAs should be able to do and > what not.
It is out of scope. If the security analysis for governments turns out to be exactly the same as that for commercial CAs, then there is no argument for making their capabilities any different. If we decide the analysis is, in fact, different, we can then go on to consider what the reasons we have identified for the difference suggest to us about the best way to react to that difference. Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
