On Wed, Aug 10, 2022 at 06:57:32PM +0000, Jeremy Rowley wrote: > The general instruction I got was you couldn’t use revocation as a threat to > keep customers from switching CAs. That was pretty clear from Ryan. Other bad > actions were implied as prohibited, like revocation just because a contract > terminated. Like I said, I’d love to see it written down as an official > policy as the bounds and applicability are hearsay.
Thanks, I'll send some emails! On Wed, Aug 10, 2022 Matthew Hardeman wrote: > This sounds less like it was about a customer amidst migration and more like > it was a "sell long validity cert on `credit` and collect payment over cert > lifetime". Hardly. Regardless, is revocation intended to protect trust in the ecosystem, or as an asset recovery and reposession tool for the CA industry? I think it's the former. Tavis. -- _o) $ lynx lock.cmpxchg8b.com /\\ _o) _o) $ finger [email protected] _\_V _( ) _( ) @taviso -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/20220810191009.GB23189%40thinkstation.cmpxchg8b.net.
