On 19/09/17 16:27, Peter Bowen wrote:
> I think your statement is a little broad.  Every CA only issues
> certificates to themselves and their own customers (or as the BRs call
> them "Subscribers").  

Yes, you are right. "Customers" was the wrong word. Perhaps I rather
meant they only issue to "organizations with whom they have a business
relationship which does not centre around certificates"? Or something
like that.

> The included CAs list

i.e.
https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReport

> indicates it never followed the current Mozilla
> inclusion process, but is one of four "legacy" CAs.  

(See column "Approval Bug")

Gerv
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to