On Monday, 7 August 2017 22:31:34 UTC+1, Jakob Bohm wrote:
> Since the CT made it possible, I have seen an increasing obsession with
> enforcing every little detail of the BRs, things that would not only
> have gone unnoticed, but also been considered unremarkable before CT.

Even if I had no other reason to be concerned about violations of the BRs (and 
I do have plenty; as we saw here, in this case it looks like the certificate can 
be revoked but effectively can't), the Brown M&M Rider reason is enough.

The rider (hospitality and technical requirements for a performing artist) can 
be pretty detailed; some venues may glance at it and agree to whatever is 
inside without knowing the details. This is a _huge_ problem, and Van Halen is 
famous for a clause in their rider (requiring a bowl of M&Ms, but with the brown 
ones removed) which they say existed not out of spite but precisely to check 
that the venue had actually read the rider in full and not just skimmed it, so 
that they would have early warning if a particular venue were sloppy and might 
cause surprise problems with the technical implementation.

We need CAs to be detail oriented. It is not enough to "kinda, mostly" get this 
job right. If you can't do _exactly_ what it says in the BRs, don't bother 
doing it at all. Neither Mozilla nor any other trust store compels CAs to stay 
in this business; if they decide they'd rather sell pancakes or mow lawns, 
that's up to them. So long as they want to be trusted public CAs, they need to 
obey the rules that are in place to make that safe for everybody.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy