On Tue, Jun 17, 2025, 9:14 AM Salz, Rich <rsalz=40akamai....@dmarc.ietf.org> wrote:
> If Google's advocated changes were poorly conceived, it should be
> possible to make a case to the CA/B forum to reverse the erroneous
> policy.
>
> That won’t matter because Google is doing it; you have to convince Google
> to stop.

Root programs only govern roots that CAs choose to put in their program. There's no reason a CA couldn't construct a separate root for this usage, although ideally it would go through WebTrust audits.

Anyway, this is a discussion for dev-security-policy, not the IETF.

> My concern with the draft -- well-intended though I think it is – is that
> this runs the risk of escalation. There’s nothing to stop Google or CA/B
> to define an OID for extendedKeyUsage that just has the old semantics and
> then issue a timetable for it.
>
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-le...@ietf.org

Astra mortemque praestare gradatim