On Mon, May 16, 2016 at 02:22:08PM +0200, Richard Z wrote: > On Sun, May 15, 2016 at 05:43:39PM -0700, Peter Bowen wrote: > > > Some CAs may choose to not issue to sites known to inject malware, but > > this outside the scope of the SSL requirements. The EV Guidelines it > > very clear that the reputation and actions of the Subject are not in > > scope: > > knowingly issuing/tolerating certificates for sites known to inject > malware is > * contrary to user expectaions
[Citation needed] > * possible case of criminal felony and a liablility issue [Citation needed] - Matt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
