On Wednesday, April 4, 2018 at 3:39:46 PM UTC-7, Wayne Thayer wrote: > On Wed, Apr 4, 2018 at 2:44 PM, Ryan Hurst via dev-security-policy < > > My opinion on this method and on Adrian's comments is that the CA/Browser > Forum, with it's new-found ability to create an S/MIME Working Group, is a > better venue for formulating secure email validation methods. Does it make > sense for us to define more specific email validation methods in this forum > when it's likely the CA/Browser Forum will do the same in the next year or > two?
I understand that position, and maybe this is acceptable, but I believe the removal of "business controls" (which to be clear I like) prohibits this practice when it is reasonable and even desirable. I was thinking until an S/MIME policy is established some accommodation of federated login in the mozilla policy accompanying the removal of "business controls" would address that. _______________________________________________ dev-security-policy mailing list firstname.lastname@example.org https://lists.mozilla.org/listinfo/dev-security-policy