On 13/10/16 20:52, Gervase Markham wrote:
> StartCom/WoSign have indicated ro me that they may have trouble
> complying with the non-Google log requirement because it's hard to find
> a non-Google log which can scale sufficiently. I suggest we allow them
> some leeway on this but they need to demonstrate evidence of efforts to
> meet the requirement.
Gerv, does Mozilla need to make a final decision on this point immediately?
I very much hope that there will be more CT logs by the time StartCom
and/or WoSign are readmitted into Mozilla's trust list. Why not delay
making this decision until nearer that time?
Alternatively, why not just rely on the mechanisms built into CT for
detecting log misbehaviour? ;-)
> If anyone reading controls a CT log which could accept their volume,
> even for payment, please contact StartCom/WoSign and let Mozilla know
> you have done so.
Senior Research & Development Scientist
COMODO - Creating Trust Online
dev-security-policy mailing list