On 2/7/2017 11:15 AM, Jakob Bohm wrote: > Root certificates previously withdrawn for this purpose are encouraged > to report this fact to Mozilla by ???? and to maintain valid entries in > the CCADB for such roots, all for the benefit of organizations that > maintain or service software that are or interoperate with such older > software.
No. Root certificates do NOT report anything. The certification authorities that own the root certificates do the reporting. Confusing certificates with their owners propagates into confusion among subscribers, developers, and users. This is also seen with "CA". That acronym means "certification authority", but it is too often seen to mean "root certificate". Enforceable policies require that all terminology be accurate and unambiguous. -- David E. Ross <http://www.rossde.com/> Paraphrasing Mark Twain, who was quoting someone else: There are three kinds of lies: lies, damned lies, and alternative truths. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
