On 24/01/18 21:41, Wayne Thayer wrote: > First off, I question if we would really use lesser sanctions more often. I > think we would still want to coordinate their implementation with other > user agents, and that is a tedious process.
I think it's important for root programs to make independent decisions, therefore I would be uneasy about too high a level of coordination with regard to CA sanctions. Once two root programs have both decided to take similar action, it is reasonable to coordinate to make sure the impact of the two requirements is not disproportionate compared to the impact each individual root program is attemping to have. But that's different from saying: "We are going to sanction CA Foo - are you in?", or even "We'll sanction CA Foo if you do." Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy

