On 09/02/2017 10:06, Gervase Markham wrote: > We require disclosure of root ownership transfer, but not _public_ > disclosure.
Would Mozilla's root program consider changing this requirement so that it *does* require public disclosure, or are there convincing reasons not to? At first glance, it seems like 'guiding' CAs towards additional transparency in the CA market/industry/... might be helpful to people outside Mozilla's root program itself.
~ Gijs _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy