[cabfpub] [EXTERNAL] Bylaw interpretation: root store membership required?
Kirk.Hall at entrustdatacard.com
Tue Apr 11 09:35:15 MST 2017
As I think about it, maybe include language that a CA member must "own or control" at least one root (or sub-root) trusted by at least one browser member, as some CAs may rent but not own their root (or sub-root).
From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Gervase Markham via Public
Sent: Tuesday, April 11, 2017 8:26 AM
To: CABFPub <public at cabforum.org>
Cc: Gervase Markham <gerv at mozilla.org>
Subject: [EXTERNAL][cabfpub] Bylaw interpretation: root store membership required?
The CA membership criteria say a member CA is one which:
"actively issues certificates to Web servers that are openly accessible from the Internet using a browser created by a Browser member".
What does "openly accessible" mean? Does it mean that the CA is included in at least one browser member's root store? After all, a website with a cert from an untrusted CA is still accessible in each of the browser member's browsers, after clicking through a warning.
If it does mean that, I need to update my membership ballot to take account of the fact that being in at least one root store is a membership criterion. I believe that in the past we've treated this as being a criterion for full membership, but it's not explicitly in there, so I wanted to check.
Public mailing list
Public at cabforum.org
More information about the Public