On Tuesday, 20 June 2017 05:50:06 UTC+1, Matthew Hardeman wrote:
> The right balance is probably revoking when misuse is shown.

Plus education. Robin has stated that there _are_ suitable CA products for this use case in existence today, but if I didn't know, it stands to reason that at least some of the engineers at Cisco didn't know either. Knowing what the Right Thing is makes it easier to push back when somebody proposes (as they clearly did here) the Wrong Thing. If, at the end of the day, Cisco management signs off on the additional risk from doing the Wrong Thing because it's cheaper, or faster, or whatever, that's on them. But if nobody in their engineering teams is even aware of the alternative it becomes a certainty.

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

