On 01/05/17 18:53, Lee wrote: > You seem to be replacing a "meets or exceeds" requirement with a > "strictly meets" requirement.
That is not particularly the intention. I think that the Baseline nature of the Baseline Requirements means that CAs know it's generally OK to go above and beyond what it requires. > In other words, make it clear to an auditor that while the CA must > meet the baseline requirements, it's not an audit failure if they go > above & beyond the minimum requirements of domain validation. Well, CAs are not audited to the Mozilla Policy, they are audited to the BRs. :-) Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy