On Friday, September 9, 2016 at 4:42:12 AM UTC-7, Rob Stradling wrote:
> That's a good point. So, to fix my proposal...
>
> For CAs that are on (borrowing Matt's wording) "quintuple secret
> probation" due to a "history of shenanigans with notBefore dates",
> browsers could require that:

Right, I suppose I could have been clearer - I don't think there's a "quintuple secret probation" concept, and that promoting it as such is probably harmful, long term, to both Mozilla users and the overall ecosystem. We shouldn't think of CT as a 'punishment' or 'probationary period'. Transparency is just one aspect of public trust, and all CAs - whether misissuance or not - should ideally adopt CT in a verifiable way. While it's true that some CAs may have timelines for CT accelerated to improve trust by improving transparency, we should be careful against advocating solutions that try to bifurcate trust.

