Sorry - that was a cynical view. I do think CAs are trying to secure the web for users for sure, but I think a lot of CAs would argue that their particular mass revocation didn't help that cause :)
On Thu, Jun 5, 2025 at 2:28 PM Mike Shaver <mike.sha...@gmail.com> wrote: > On Thu, Jun 5, 2025 at 4:25 PM Jeremy Rowley <rowley...@gmail.com> wrote: > >> They don't, but what is the incentive of the CA to give the relying party >> more protection while risking revocation if someone writes the information >> incorrectly. >> > > There's a small part of me, even after all these years, that believes that > the whole point of being a CA is to help secure the web for its users. If > that's not a shared motivation, then our only option is the force of the > BRs and root programs, and we should stop negotiating entirely with > misaligned members of the ecosystem. > > Mike > > -- You received this message because you are subscribed to the Google Groups "dev-security-policy@mozilla.org" group. To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-policy+unsubscr...@mozilla.org. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAFK%3DoS-dfX5N28PQ1YxMbCX%2B-JHj1sTjh27BjawiyBNCje5kCA%40mail.gmail.com.
