On Monday, 7 August 2017 22:31:34 UTC+1, Jakob Bohm  wrote:
> Since the CT made it possible, I have seen an increasing obsession with
> enforcing every little detail of the BRs, things that would not only
> have gone unnoticed, but also been considered unremarkable before CT.

Even if I had no other reason to be concerned about violations of the BRs (and 
I do have plenty, as we saw here in this case it looks like the certificate can 
be revoked but it effectively can't) the Brown M&M Rider reason is enough,

The rider (hospitality and technical requirements for a performing artist) can 
be pretty detailed, some venues may glance at it and agree to whatever is 
inside without knowing the details. This is a _huge_ problem, and Van Halen is 
famous for a clause in their rider (requiring a bowl of M&Ms but with the brown 
ones removed) which they say existed not out of spite but precisely to check 
that the venue had actually read the rider in full and not just skimmed it, so 
that they would have early warning if a particular venue were sloppy and might 
cause surprise problems with technical implementation.

We need CAs to be detail oriented. It is not enough to "kinda, mostly" get this 
job right. If you can't do _exactly_ what it says in the BRs, don't bother 
doing it at all. Neither Mozilla nor any other trust store compel CAs to stay 
in this business, if they decide they'd rather sell pancakes or mow lawns, 
that's up to them. So long as they want to be trusted public CAs, they need to 
obey the rules that are in place to make that safe for everybody.
dev-security-policy mailing list

Reply via email to