[cabfpub] Bylaw interpretation: root store membership required?

Gervase Markham gerv at mozilla.org
Tue Apr 11 15:26:16 UTC 2017


The CA membership criteria say a member CA is one which:

"actively issues certificates to Web servers that are openly accessible
from the Internet using a browser created by a Browser member".

What does "openly accessible" mean? Does it mean that the CA is included
in at least one browser member's root store? After all, a website with a
cert from an untrusted CA is still accessible in each of the browser
member's browsers, after clicking through a warning.

If it does mean that, I need to update my membership ballot to take
account of the fact that being in at least one root store is a
membership criterion. I believe that in the past we've treated this as
being a criterion for full membership, but it's not explicitly in there,
so I wanted to check.

Gerv



More information about the Public mailing list