On Thu, Sep 10, 2015 at 01:20:02PM -0700, Kathleen Wilson wrote:
> Proposal for version 2.3 of Mozilla's CA Certificate Policy:
>
> Remove the code signing trust bit.
>
> If this proposal is accepted, then there would be follow-up action items
> that would need to happen after version 2.3 of the policy is published:
> 1) Remove any root certificates that do not have the Websites and/or Email
> trust bit set.
> 2) Remove references to Code Signing trust bits from Mozilla's wiki pages.

I guess I would like to go the other way by making it more strict what is required to be included. I would for instance only want to see EV for code signing certificates, and a requirement for timestamping. I would like to see requirements equivalent to those for SSL certificates.

I would have no problem that all code signing trust settings are removed until we're ready to accept them, and I expect that to take a long time.

Kurt

_______________________________________________
dev-security-policy mailing list
https://lists.mozilla.org/listinfo/dev-security-policy

