On Mon, 23 Dec 2019 14:20:16 -0700 Wayne Thayer via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
> I suggest that we modify question #1 to require CAs > to attest that they intend to FULLY comply with version 2.7 of the > policy and if they won't fully comply, to list all non-conforrmities. > In other words, define an exception as anything that isn't compliant > with the current policy rather than something we granted in the past. Thanks Wayne, I believe this would achieve my broader goals without being too onerous for you/ Mozilla or the CAs. I look forward to any discussions prompted by the modified question or by non-comformities disclosed as a result. Nick. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy