On Fri, Mar 24, 2017 at 1:30 PM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> Examples discussed in the past year in this group include the Taiwan > GRCA roots and several of the SubCAs hosted by Verizon prior to the > DigiCert transition. Apologies for not remembering, but I don't recall the relationship of either of those discussions to what you described. However, it's very easy I'm wrong. Could you link to the threads (ideally, the messages) you believe that captures this description, so that I can better understand? Peter is correct, we discussed something slightly different, so apologies for misunderstanding what you were proposing versus what we discussed. It sounds like what you're describing is what we discussed (white-label), except the person signing the management assertion is also acting as a Delegated Third Party for validation. However, because they're the ones signing the assertion, they're the ones in scope for the audit presented to root stores - correct? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
