On Fri, Oct 14, 2016 at 3:44 PM, Peter Gutmann
<pgut...@cs.auckland.ac.nz> wrote:
> Ryan Sleevi <r...@sleevi.com> writes:
>>What is the goal of the root program? Should there be a higher bar for
>>removing CAs than adding them? Does trust increase or decrease over time?
> Another thing I'd like to bring up is the absolute silence of the CAB forum
> over all this.  Apple have quietly unilaterally distrusted, Mozilla have
> debated at length (three months now) and are taking action, but the regulatory
> body that should be taking charge, the CAB forum, has (apparently) taken
> absolutely no action.

The CA/Browser Forum is not a regulatory body.  They publish
guidelines but do not set requirements nor regulate compliance.  The
Forum does not require that members follow the Forum guidelines; it
only requires that they are either a browser or CA operator following
the basic WebTrust requirements or ETSI requirements.

What action would you expect the Forum to be taking?

dev-security-policy mailing list

Reply via email to