On 12/31/2012 07:23 PM, Kai Engert wrote:
On Mon, 2012-12-31 at 16:26 +0100, Kai Engert wrote:
I propose to more actively involve users into the process of accepting
certificates for domains.
I propose the following in addition:
Each CA certificate shall have a single country where the CA
organization is physically located (they already contain that).
Keep in mind that many CAs use historical DNs which no longer reflect
reality, so the country information found there is unreliable. But
perhaps Mozilla tracks this data separately. However, I expect that for
a lot of CAs, it is difficult to come up with a single country which
accurately describes where the CA is located.
--
Florian Weimer / Red Hat Product Security Team
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
