On 09/09/16 18:25, Ryan Sleevi wrote:
> On Friday, September 9, 2016 at 4:42:12 AM UTC-7, Rob Stradling wrote:
>> That's a good point.  So, to fix my proposal...
>>
>> For CAs that are on (borrowing Matt's wording) "quintuple secret
>> probation" due to a "history of shenanigans with notBefore dates",
>> browsers could require that:
> 
> Right, I suppose I could have been clearer - I don't think there's a 
> "quintuple secret probation" concept, and that promoting it as such is 
> probably harmful, long term, to both Mozilla users and the overall ecosystem.
> 
> We shouldn't think of CT as a 'punishment' or 'probationary period'.

I was thinking of it as a 'consequence'.  ;-)

> Transparency is just one aspect of public trust, and all CAs - whether 
> misissuance or not - should ideally adopt CT in a verifiable way.

+1, of course.

> While it's true that some CAs may have timelines for CT accelerated to 
> improve trust by improving transparency, we should be careful against 
> advocating solutions that try to bifurcate trust.

True.

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy