Hi Ben,
Anything you can do to speed up/optimize the process and encourage CAs to roll out different roots for different purposes (TLS only Root, Email only Root, etc.), and to encourage more frequent roll-overs would be a good thing and you might get more adoption of that philosophy. I don’t know if the list of factors is in order of importance, but if so, then moving #5 up might encourage more CAs to create roots dedicated for a single purpose. It certainly belongs ahead of #3.
Doug
--
You received this message because you are subscribed to the Google Groups "dev-secur...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-po...@mozilla.org.
To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaZJsfbiDo%3DKD90Rv_LwMOive5cFiMZC7%3DHVcaigkVTdqw%40mail.gmail.com.
Hi Doug,
Is the described multi-root schema (different roots for different purposes) some kind of new best practice for CAs? So far Telia has used only one root for all purposes, but should we now change that policy and start applications with several new roots? What is the reason for the multi-root schema? Note! Some root programs like Oracle have specified that one member may have a maximum of three roots in their systems.
Best Regards
Pekka