On 07/02/17 21:02, okaphone.elektron...@gmail.com wrote: > You start by noticing "The scope of the BRs is a matter of > debate..." > > And then you use that same "scope of the BRs" in 1) to specify > Mozilla's requirements. Isn't that somewhat strange, if what you are > trying to do is solve some problems that are caused by the former?
It may seem that way, but no :-) The reason is that the BRs ban SHA-1 issuance entirely, so a CA cannot be advantaged if it tries to dodge this policy by claiming "actually, this cert is within the scope of the BRs and so your SHA-1 restrictions do not apply". Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy