On 08/11/16 19:08, Peter Bowen wrote: > Yes, that is how one fixes it. But I'm worried that CAs may think > they properly followed the requirement and then find themselves > penalized. Hence my suggestion to focus on CAs that clearly have not > even attempted to follow the requirement.
For which of the CAs on the list is this the only problem? Having asked that, it may be that we have not communicated that we will be using this list. We should send a final warning email to all affected CAs about this plan a week or two in advance, and encouraging them to make sure they aren't on it. Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
