- Even if you want to get added you have to follow the rules.
- The domain currently only serve 404 .
- It should added to the rules that sides containing malware can cause an revocation.
is there anywhere a tldr of the root program rules?
legal native language is hard enough, but legal foreign language is not funny.
We are required to follow the MS root program rules even though we arenāt in it because IdenTrust is in the program, and we inherit the obligations through the sub-CAs from IdenTrust.
3 Likes
well that makes sense as well.
Can you answer also to this thread (https://community.letsencrypt.org/t/inclusion-of-isrg-root/) about the progress that has been made regarding the Root Inclusion? Or hasnāt there been any progress?
That i already anticipated that you have to follow the root programm independent if you want to get added or because you have to inherit because of sub-CA. But it would be great if you could ad links to the rules of the different root programs you need to follow. From the current i think we can say:
- High Risk domains are forbidden because there is no manually verification.
- Domains containing malware are forbidden -> inherited from MS root rules.
- Domains to similar to high risk names.
But if would be great to have an overview of all rules.
For Mozilla the root programmeās rules are published here:
https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/
Iām not aware of Microsoft, Apple or Oracle publishing full rules for their programmes, although I agree in principle that it seems as though participants in the web PKI should do so.
1 Like
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.