On Friday, August 30, 2019 at 8:58:17 PM UTC+2, Ryan Sleevi wrote:
> On Fri, Aug 30, 2019 at 11:26 AM Jeremy Rowley via dev-security-policy <


> Despite all of the writing above, I'm too lazy to copy/paste my comment
> from the Let's Encrypt issue, but I would hope any CA contemplating things
> should look at https://bugzilla.mozilla.org/show_bug.cgi?id=1577652#c3 in
> terms of a possible 'ideal' flow, and to share concerns or considerations
> with that. Even better would be CAs that have suggestions on how best to
> codify and memorialize that suggestion, if it's sensible and correct.

I added a comment to the bugzilla. I think there are several ways the process 
can be made safe, depending on the way a CA operates and which technologies are 
dev-security-policy mailing list

Reply via email to