Re: Audit Letter Validation (ALV) on intermediate certs in CCADB

2019-12-24 Thread Wayne Thayer via dev-security-policy
I've modified the first question of the survey and added a response option
for exceptions:
https://ccadb-public.secure.force.com/mozillacommunications/CACommunicationSurveySample?CACommunicationId=a051J3waNOW

On Tue, Dec 24, 2019 at 5:55 AM Nick Lamb wrote:

> On Mon, 23 Dec 2019 14:20:16 -0700
> Wayne Thayer via dev-security-policy
> wrote:
>
> > I suggest that we modify question #1 to require CAs
> > to attest that they intend to FULLY comply with version 2.7 of the
> > policy and if they won't fully comply, to list all non-conformities.
> > In other words, define an exception as anything that isn't compliant
> > with the current policy rather than something we granted in the past.
>
> Thanks Wayne, I believe this would achieve my broader goals without
> being too onerous for you/Mozilla or the CAs.
>
> I look forward to any discussions prompted by the modified question or
> by non-conformities disclosed as a result.
>
>
> Nick.
>
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy


Re: Audit Letter Validation (ALV) on intermediate certs in CCADB

2019-12-24 Thread Nick Lamb via dev-security-policy
On Mon, 23 Dec 2019 14:20:16 -0700
Wayne Thayer via dev-security-policy
wrote:

> I suggest that we modify question #1 to require CAs
> to attest that they intend to FULLY comply with version 2.7 of the
> policy and if they won't fully comply, to list all non-conformities.
> In other words, define an exception as anything that isn't compliant
> with the current policy rather than something we granted in the past.

Thanks Wayne, I believe this would achieve my broader goals without
being too onerous for you/Mozilla or the CAs.

I look forward to any discussions prompted by the modified question or
by non-conformities disclosed as a result.


Nick.