[cabfpub] Changing numbers of self-audited certificates

Gervase Markham gerv at mozilla.org
Thu Jun 8 11:26:12 UTC 2017

On 07/06/17 21:54, Jeremy Rowley wrote:
> Perhaps a minimum that is something along the lines of the greater
> of 3% of certificates with a unique profile and five cert? 

Is the concept of an issuance profile widespread enough that we could
use it here? I guess if every cert was manually issued and no profile
was used, we could just say you have to audit everything (which is wise,
because manual means more likelihood of mistakes...).

> An alternative is
> 3% of certificates with a unique base domain?

That might work as a proxy in practice.


More information about the Public mailing list