On Mon, 25 Nov 2019 14:12:46 -0800
Kathleen Wilson via dev-security-policy
<dev-security-policy@lists.mozilla.org> wrote:

> CAs should have been keeping track of and resolving their own known 
> problems in regards to not fully following the BRs and Mozilla
> policy. For example, I expect that a situation in which I responded
> with an OK in 2016 would have been corrected in the 3 years since
> that email was written.

Perhaps to this end it would be useful for Mozilla's periodic survey
letters to always ask each CA to list any exceptional circumstances they
believe currently apply to them?

This would act both as a reminder to Mozilla of any such exceptions
which they granted but may have assumed meanwhile ceased to be
relevant, AND to the CA of any such exceptions upon which they find
themselves still relying.

The publication of CA responses is an opportunity for Mozilla, Peers
and the wider community to comment on any discrepancy.

dev-security-policy mailing list

Reply via email to