On Thu, Mar 29, 2018 at 12:55 PM, Ryan Sleevi <[email protected]> wrote:
> > I think, for new CAs, the KGC report and the stated CP/CPS, combined with > ensuring that the next audit that covers the period of time stated on the > KGC report includes that certificate, seems like a reasonable balance. > I'll add this to the list for 2.6 and propose some language in a new "Policy 2.6 Proposal" thread. Thanks, Wayne _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
