On 19/09/17 16:27, Peter Bowen wrote:
> I think your statement is a little broad. Every CA only issues
> certificates to themselves and their own customers (or as the BRs call
> them "Subscribers").

Yes, you are right. "Customers" was the wrong word. Perhaps I rather meant they only issue to "organizations with whom they have a business relationship which does not centre around certificates"? Or something like that.

> The included CAs list i.e. https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReport
> indicates it never followed the current Mozilla
> inclusion process, but is one of four "legacy" CAs. (See column "Approval Bug")

Gerv
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

