On Monday, 7 August 2017 22:31:34 UTC+1, Jakob Bohm wrote:
> Since the CT made it possible, I have seen an increasing obsession with
> enforcing every little detail of the BRs, things that would not only
> have gone unnoticed, but also been considered unremarkable before CT.
Even if I had no other reason to be concerned about violations of the BRs (and
I do have plenty, as we saw here in this case it looks like the certificate can
be revoked but it effectively can't) the Brown M&M Rider reason is enough,
The rider (hospitality and technical requirements for a performing artist) can
be pretty detailed, some venues may glance at it and agree to whatever is
inside without knowing the details. This is a _huge_ problem, and Van Halen is
famous for a clause in their rider (requiring a bowl of M&Ms but with the brown
ones removed) which they say existed not out of spite but precisely to check
that the venue had actually read the rider in full and not just skimmed it, so
that they would have early warning if a particular venue were sloppy and might
cause surprise problems with technical implementation.
We need CAs to be detail oriented. It is not enough to "kinda, mostly" get this
job right. If you can't do _exactly_ what it says in the BRs, don't bother
doing it at all. Neither Mozilla nor any other trust store compel CAs to stay
in this business, if they decide they'd rather sell pancakes or mow lawns,
that's up to them. So long as they want to be trusted public CAs, they need to
obey the rules that are in place to make that safe for everybody.
dev-security-policy mailing list