On Thursday, 20 April 2017 14:03:36 UTC+1, Gervase Markham  wrote:
> I propose this section be removed from the document.

I am not so sure the section ought to be removed. Wildcard DV is potentially 
problematic. Historically we have seen problems that wouldn't have happened or 
would be much less serious without Wildcard DV issuance. In particular because 
domain "validation" for the wildcard is sketchy.

While of course the Ballot 169 rules are a big improvement, I'm really not sure 
I'm comfortable with the implication today that well, we did one of the Ballot 
169 checks for example.com, so now we'll issue for *.example.com and everything 
is just fine.

I'm not so uncomfortable with it that I want Mozilla to try to get it stopped, 
but I think signalling some residual discomfort here is worthwhile until 
somebody has thought through a good policy, and preferably at least got the big 
CAs to go along with it in principle even if we don't have it in formal Mozilla 
policy or the BRs.
dev-security-policy mailing list

Reply via email to