> On Jan 18, 2017, at 7:18 AM, Gervase Markham <[email protected]> wrote: > > On 17/01/17 23:33, Jakob Bohm wrote: >> How about "_and versions and strong (>= 256 bits) hashes_", > > Do people think we need to go this far? > > If we do, we'll need them to specify filenames, not just document > titles. Otherwise, one wouldn't know if the hash was a .doc, a .pdf, or > what.
I don’t think hashes of documents is necessary, but I do think including the version information is critical. I would support requiring inclusion of the full distinguished names of all the CAs that are covered (and maybe their SPKI hash), as that is currently an even larger gap. Thanks, Peter _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
