On Sat, Jul 4, 2020 at 10:42 PM Peter Bowen via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> As several others have indicated, WebPKI today is effectively a subset > of the more generic shared PKI. It is beyond time to fork the WebPKI > from the general PKI and strongly consider making WebPKI-only CAs that > are subordinate to the broader PKI; these WebPKI-only CAs can be > carried by default in public web browsers and operating systems, while > the broader general PKI roots can be added locally (using centrally > managed policies or local configuration) by those users who what a > superset of the WebPKI. > +1. This is the only outcome that, long term, balances the tradeoffs appropriately. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy