Adding mozilla.dev.security.policy back to this thread per Rob's suggestion:
On Fri, Dec 14, 2018 at 3:27 AM Rob Stradling <r...@sectigo.com> wrote:
> On 13/12/2018 19:05, Wayne Thayer wrote:
> > Thank you Rob, this is terrific!
>
> Thanks Wayne.
>
> > I would like to ask all CAs to take a look at this report and
> > correct any issues that are found with their test websites.
>
> I just noticed that m.d.s.p was dropped from this sub-thread before you
> wrote that, so you probably didn't reach much of your target audience.
> (I would forward your message to m.d.s.p, but it's probably better if it
> comes directly from you).
>
> > The report is flagging a number of sites as "Not HTML", which means that
> > they are serving some content type other than text/html.
>
> Currently text/html and text/xml are permitted.
>
> Webpages are "usually written in HTML or a comparable markup
> language...and...Typical web pages provide hypertext that includes a
> navigation bar or a sidebar menu linking to other web pages via
> hyperlinks, often referred to as links"
> (https://en.wikipedia.org/wiki/Web_page).
>
> Most of the "Not HTML" errors are due to the response being classified
> as text/plain, which clearly isn't a markup language and so it doesn't
> contain hyperlinks.
>
> > While I think that Rob has correctly interpreted the meaning of "test
> > website", Kathleen and I are not currently planning to categorize this
> > as a policy violation.
>
> That seems reasonable. The report only shows "Not HTML" when there are
> no other issues.
>
> > However, it would still be appreciated if CAs
> > help to clean up the report by serving HTML on their test websites.
> >
> > On Thu, Dec 13, 2018 at 5:54 AM Rufus Buschart <ru...@buschart.de> wrote:
> >
> > Well, it seemed to be obvious to me, because there might be also a
> > problem with one of the Issuing CAs / Intermediate CAs in the chain
> > between the Root and the Subscriber Certificate. We at Siemens host
> > test web sites for every single issuing CA operated by us:
> > https://catestsite.siemens.com/
> >
> > It is always good to hear when a CA does things because they make sense,
> > not just to meet the minimum requirement.
> >
> > But if the requirement is not as strict as we understood it, that's
> > fine for me too. I rather like to err to the safe side than to have
> > a bug on MDSP list....
> >
> > The requirement is not as strict as you understood it, but it is only a
> > minimum requirement. Mozilla is most concerned with the roots we're
> > shipping, so the current requirement is satisfactory for us.
> >
> > /Rufus
> >
> > What we do in life, echoes in eternity.
> > ===========================================
> > Rufus J.W. Buschart
> > Anna-Pirson-Weg 1c
> > 91052 Erlangen
> > Phone: +49 (0)9131 - 530 15 85
> > Mobile: +49 (0)152 - 228 94 134
> > Web: http://www.buschart.de
> >
>