On 02/10/2019 00:51, Wayne Thayer wrote:
> On Tue, Oct 1, 2019 at 3:34 AM Rob Stradling wrote:
>
> > I propose that you update [4] to say that Mozilla won't treat
> > non-compliance with [4] as an "incident" whilst it remains the case
> > that the BRs are inconsistent with [4].
>
> I could simply move [4] to a "recommended practice" (SHOULD) until the
> ballot comes into force, then move it back to "required". That implies
> that the bugs which have been opened for this specific issue (responding
> "unknown" - not to be confused with "returns 1 byte") will be closed as
> INVALID.
>
> Are there strong objections to this course of action?

It seems a bit strange to recommend a practice that CAs cannot currently adhere to without violating the BRs and some other root programs' policies, but at the same time it is helpful to signpost upcoming policy changes. I don't object strongly.

> - Wayne
>
> [4]
> https://wiki.mozilla.org/CA/Required_or_Recommended_Practices#Precertificates

--
Rob Stradling
Senior Research & Development Scientist
Sectigo Limited