On Wednesday, April 4, 2018 at 3:39:46 PM UTC-7, Wayne Thayer wrote:
> On Wed, Apr 4, 2018 at 2:44 PM, Ryan Hurst via dev-security-policy <
> > My opinion on this method and on Adrian's comments is that the CA/Browser
> Forum, with it's new-found ability to create an S/MIME Working Group, is a
> better venue for formulating secure email validation methods. Does it make
> sense for us to define more specific email validation methods in this forum
> when it's likely the CA/Browser Forum will do the same in the next year or
> two?

I understand that position, and maybe this is acceptable, but I believe the 
removal of "business controls" (which to be clear I like) prohibits this 
practice when it is reasonable and even desirable.

I was thinking until an S/MIME policy is established some accommodation of 
federated login in the mozilla policy accompanying the removal of "business 
controls" would address that.
dev-security-policy mailing list

Reply via email to