On 2017-12-09 at 08:59 -0700, Wayne Thayer wrote:
> It can be confusing even for people following these things. That's where I
> think collecting problem reporting info from audited sub-CAs in CCADB would
> help.
> For everyone else, finding the correct problem reporting information is
> mostly a matter of luck. Perhaps we should require an email address be
> included in the end-entity certificate? Unless that info was exposed in the
> browser, it would still be difficult to find, but at least it would then be
> in a consistent location.

Rather than an email, I think it should be a url. That could be an email
through the use of mailto:, but I suspect CAs will find preferable to
provide a web page where they explain what it is for, how to submit,

dev-security-policy mailing list

Reply via email to