On 04/06/17 03:03, Matt Palmer wrote:
> For whatever it is worth, I am a fan of this way of defining "misissuance".

This is an "enumerating badness" vs. "enumerating goodness" question. My
original draft attempted to (without limitation) enumerate some badness,
and you and Ryan are suggesting that it would be better instead to
enumerate goodness.

I agree. However, enumerating goodness is a bit harder because you need
to make sure you get all the goodness, so as not to accidentally ban
something you want. This we could do, but I feel it would require
consultation with CAs.

Therefore, I will add the non-limiting enumerating badness version to
the policy, as an improvement on the current wording which also
enumerates badness, but I've filed these two issues:


on improving this further in the future.

dev-security-policy mailing list

Reply via email to