Hi Rich, On 18/08/17 12:51, [email protected] wrote: > Perhaps some explicit statements about sub-CAs would be helpful - > detailing where responsibility lies and how a CA is required to deal > with a sub-CA who is found to have misissued.
Do you specifically mean sub-CAs which are run by someone other than the CA (and so have their own audits etc.)? Good idea. What do you think we should say? :-) Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
