El domingo, 14 de febrero de 2016, 21:10:57 (UTC+1), Matt Palmer escribió: > If so, have you complied with the next paragraph of section 8 of the BRs, > which states "The parties involved SHALL notify the CA/Browser Forum of the > facts, circumstances, and law(s) involved, so that the CA/Browser Forum may > revise the requirements accordingly."? > > If you haven't, then you're acting in bad faith by attempting to selectively > apply the provisions of the BRs, rather than taking them as a whole in the > spirit which they were intended. If you *have*, then it would be valuable > to summarise the deliberations of the Forum here, so that the Mozilla > community may evaluate the outcomes of those deliberations with regards to > the relevant Mozilla policies. >
We don't agree about your insinuation of "acting in bad faith". As far as we know, it was notified at CABForum by an Spanish CA and that approach must be accepted because all of the Spanish CAs (included those who are CAB Forum members) are issuing certificates in this way. Maybe a Mozilla's representative at CAB Forum may supply additional information about it. > > It should be an exception to support this special feature. > > No, the CABF should amend the requirements to match reality, and then > everyone else can change their tools as a result. > Also, we don't suggest that tools must be modified for now but that an exception with this requirement be made, as it was suggested before: "It may be considered an audit qualification that says that including Directory Names is acceptable" _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
