On Thu, May 30, 2024 at 02:52:33PM +0000, 'Jeremy Rowley' via [email protected] wrote:
> From my perspective, it’s the third-party approval process some of
> these companies are required to go through to replace certs. Failure
> to go through that process can result in government fines. Financial
> and medical companies operating outside of the US seem especially
> handicapped by policy restrictions when replacing certificates.

Sounds like they bought something that wasn't fit for purpose. If the customer isn't able to comply with the requirements of the WebPKI, they shouldn't be using it. Whether that mistaken purchase is the fault of the subscriber (through a lack of due diligence) or the CA (through misrepresentation) is something for those parties to work out between themselves, but is *absolutely* not something that is relevant to considerations of trustworthiness.

(I know *you* know this, Jeremy; this one's for the wider community)

- Matt
