On 09/03/16 21:04, Richard Barnes wrote:
On Wed, Mar 9, 2016 at 4:01 PM, Jeremy Rowley <[email protected]>
wrote:
Restricting by root isn't feasible. The browsers limit the number of root
CAs each CA can have.
[citation-needed] (?)
Here's one example:
https://www.apple.com/certificateauthority/ca_program.html
"A maximum of three roots per CA provider can be accepted because each
additional root negatively impacts users by increasing download time."
<snip>
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
