So it benefits the CA (potentially hostile CAs) to get in quicker, but
at profound risk to users, even if the CA is removed.

If a CA takes more than 2 years to get included, it's almost always because
they're not actually keeping the checks, documentation, and audits.

On Thu, Mar 8, 2018 at 3:36 PM, Anis via dev-security-policy <
[email protected]> wrote:

> We keep the checks and the audits according to CABF. We reduce the
> discussion time to 6 months. After the inclusion, a period of one
> year of compliance testing is set, while controlling the certificates
> issued by this authority. We can exclude the root CA in the next versions.
> You do not notice the heaviness of the procedure, which now takes more than
> 2 years.
> _______________________________________________
> dev-security-policy mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-security-policy