[cabfpub] What is 'misuse'?

Gervase Markham gerv at mozilla.org
Thu Jul 20 02:56:24 MST 2017


On 17/07/17 20:48, Rich Smith via Public wrote:
> Ryan, First of all, thank you for taking the time to post a reply.  I
> did the Mozilla discussion when it was happening, and I've reviewed
> it again.  I may be missing something, but the gist of it seems to be
> that misuse is pretty much whatever the particular CA in question
> decides it is, and Mozilla seems to have punted by changing the
> wording to eliminate the word 'misuse' from their policy.

I wouldn't call it punting - we reached the same conclusion you did
about the word, i.e. that "misuse" is not well defined, and so decided
to make our intentions clear in our policy without using it.

> Not
> particularly helpful unless "whatever the CA decides it is," is in
> fact the accepted definition, which does seem to be the end result of
> Mozilla's wording as well.

Er, no. The end result of our change is that we have no opinion (because
we don't need to have one any more) on what this word means in a
certificate context.

> It's not  particularly useful, as a
> matter of clarity of the BRs, to need to refer to some discussion
> that took place eons ago on another forum which only affects one
> browser's program, not the BRs themselves.

Well, I think it's useful to confirm that the problem you are reporting
is, in fact, a problem :-)

Gerv


More information about the Public mailing list