(Posting in a personal capacity) I think everyone so far has made valid points about why this is unexpected, and a dangerous precedent to set going forward. That said I'd like to reiterate that this feels like rewarding undesirable behavior. The CAs that will benefit from an exemption, especially one that allows them to take advantage of it silently, are those that have chosen to drag their heels until the last possible moment.
This behavior should not be encouraged and Mozilla policy should not be dictated by the minority of CAs that are holding it back via inaction. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy