On Tue, Oct 1, 2019 at 3:34 AM Rob Stradling <r...@sectigo.com> wrote:
> > I propose that you update [4] to say that Mozilla won't treat > non-compliance with [4] as an "incident" whilst it remains the case that > the BRs are inconsistent with [4]. > > I could simply move [4] to a "recommended practice" (SHOULD) until the ballot comes into force, then move it back to "required". That implies that the bugs which have been opened for this specific issue (responding "unknown" - not to be confused with "returns 1 byte") will be closed as INVALID. Are there strong objections to this course of action? - Wayne [4] https://wiki.mozilla.org/CA/Required_or_Recommended_Practices#Precertificates _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy