On Friday, 6 May 2016 11:59:32 UTC+1, Rob Stradling wrote:
> Nick, IIUC you're arguing for "CoAP" (to use Richard's terminology). Is
> that right?
I suppose so. I think Richard has the trust arrow upside down in his reflection on this policy. Take his scenario in which a SubCA (A) is surprised to discover that its previously constrained parent (B) has now obtained an unconstrained certificate from a trusted root (C). Richard seems concerned that this puts A in an awkward position, but what idiot is running C? They've just issued an unconstrained certificate to B, and they apparently didn't so much as reach out to previously constrained A, never mind having it properly audited for the new responsibilities they've given it. Did they even review the signatures from B to ensure they knew A existed? Nobody should trust C after this. With C untrusted, the unconstrained certificate they've erroneously issued is now worthless and A can continue to be as well run as it was before - once its leadership team have recovered from their heart attacks.

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

