On Tue, September 8, 2015 12:10 am, Jürgen Brauckmann wrote: > No, they would not abide to mozillas policies, because they would > violate the requirements set forth by the audit schemes. > > Juergen
Hi Juergen, I fear that others using the store for S/MIME or code-signing would think the same as you. The reality is that this is not the case, which is why it's all the more reason to make an informed decision. As it stands, you could do each of those things I explicitly mentioned and still pass a "WebTrust for CAs" audit with flying colours, and argue full adherence to Mozilla's policies at the same time. We know when there's been a benefit of the doubt due to misinterpretation, the Root Store Module Owners/Peers have erred on the side of being generous with the interpretation, so there's probably more that Honest Achmed (or his relative, Evil CA Achmed) could do - that defies expectations, but complies with all requirements. Regards, Ryan _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy