@BRIAN_____ easiest way to kill them is to follow procedure. No way they can meet requirements.
@pzb Maybe in this one case, but not in general. What would make them fail to qualify that they can't (promise to) fix?
-
-
@BRIAN_____ no verification of domain control? how would a MITM CA pass a BR audit? -
@pzb Do verification of domain control until the audit is done. -
@BRIAN_____@pzb The perfectly done subsequent audit (the year after) will detect missiuance and fail. -
@eabalea@BRIAN_____ if no one catches them first -
@pzb@BRIAN_____ So users are safe :D -
@eabalea@BRIAN_____ one of the questions in the Mozilla process better be to confirm no MITM. Also the queue for discussion is quite long.. -
@pzb@BRIAN_____ I thought the no MITM was already required, since the Trustwave case. -
@eabalea@BRIAN_____ It is. During the public discussion (which will be in ~8-12 months, I guess), someone asks them to confirm they agree.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.