On Mon, Apr 3, 2017 at 12:58 PM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > > taking a holiday and not being able to process a disclosure of a new > SubCA. >
Considering that the CCADB does not require any of these parties to process a disclosure, can you again explain why the proposed wording would not be sufficient? I think you may be operating on incomplete/incorrect assumptions about disclosure, and it would be useful to understand what you believe happens, since that appears to have factored in to your suggestion. Given that the proposal allows the CA to fully self-report (if they have access) or to defer until they do have access, that does seem entirely appropriate and relevant to allow for one week. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
