Apologies, I somehow managed to send white-on-white HTML from gmail mobile and I honestly have no idea how.
On Sat, Jun 8, 2024 at 9:48 PM Jeffrey Walton <[email protected]> wrote:

> I would caution against that. Effectively, Mozilla would be fiddling
> with the market. The market should be the one to punish (or reward)
> Entrust for the premiums on manual issuance, not Mozilla. When
> subscribers get tired of paying too much for the service, the customer
> will go elsewhere.

Hey, uh, yeah…Mozilla sort of exists to “fiddle with the market” in ways that it feels protect the web’s users from the direction that The Market might otherwise take. It’s sort of “their thing”.

But that rather jarring dissonance aside, nobody is objecting to premiums on manual issuance. It is precisely the opposite: it is an objection to charging Subscribers *extra* for using *automated* tools that make the web safer (and which indeed should be cheaper for the CA to operate than a manual process, but you know how it is with rent seeking).

The CA’s primary responsibility is to the web’s users, not to its customers. They all know this. It can require that they not always optimize for short-term business outcomes, but if they are not comfortable with that *very* explicit tension, then this is not an appropriate business for them.

> In my mind's eye, there are two things to observe. First is the
> CA/Browser Standards ("what we do"), and second is the CA Operating
> Procedures ("how we do it").

I guess that is a way that these things could have evolved in a parallel universe, but you have perhaps noticed that the BRs already have many directions as to how things must be done. The BRs are in fact growing more such directions over time as it becomes increasingly clear that not all CAs can be trusted to do the things that are best for the health of the WebPKI; see the active discussion about linting practices in the SCWG, for example.

Mike
