On Fri, Oct 14, 2016 at 3:44 PM, Peter Gutmann
> Ryan Sleevi <r...@sleevi.com> writes:
>>What is the goal of the root program? Should there be a higher bar for
>>removing CAs than adding them? Does trust increase or decrease over time?
> Another thing I'd like to bring up is the absolute silence of the CAB forum
> over all this. Apple have quietly unilaterally distrusted, Mozilla have
> debated at length (three months now) and are taking action, but the regulatory
> body that should be taking charge, the CAB forum, has (apparently) taken
> absolutely no action.
The CA/Browser Forum is not a regulatory body. They publish
guidelines but do not set requirements nor regulate compliance. The
Forum does not require that members follow the Forum guidelines; it
only requires that they are either a browser or CA operator following
the basic WebTrust requirements or ETSI requirements.
What action would you expect the Forum to be taking?
dev-security-policy mailing list