On 13/02/17 16:18, Peter Bowen wrote:
> In addition to updating it to follow formal policy language, I would
> suggest adding it directly to the policy. As it stands today there
> are 79 pages in the wiki starting with "CA:". It simply isn't
> possible to know which ones are effectively part of the policy and
> which are other random things.

That's a fair point, and something I am slowly working on fixing. The new CCADB policy will clean up some of this.

> I realize building and maintaining
> long policies is time consuming, but it is important to be clear. CAs
> are routinely called out for unclear or incomplete CPs and CPSes, so I
> think it is fair to ask Browsers to have clear and complete trust
> store policies.

Fair point. To be more precise: the current requirement is anchored in the sentence(s) in the policy which request disclosure of company ownership changes. A total lack of disclosure would be treated seriously. A disclosure which didn't meet Kathleen's document exactly would be treated less so.

I agree that having multiple "severities" of policy is not ideal. My current roadmap, FWIW, is:

* Finish policy 2.4 (ideally by the end of this month)
* Help Kathleen with a CA Communication about it and other current matters
* Reorganise 2.4; issue 2.4.1 with no material changes
* Think about 2.5, which might include this improvement.

I have filed:
https://github.com/mozilla/pkipolicy/issues/57
about cleaning up this document.

Gerv

