Ben: Could you clarify - does this mean that responses to Mozilla CA Communications may be used to excuse a CA from complying with Mozilla Policy? For example, I don't see a response from Amazon indicating the intentional non-compliance in [Item 1](https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a054o00000EL1Fo&QuestionId=Q00129,Q00142) of the [April 2021 CA Communication](https://wiki.mozilla.org/CA/Communications#April_2021_CA_Communication). It sounds like you're saying Mozilla finds the answers to [Item 1](https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a054o00000EL1Fo&QuestionId=Q00140,Q00150,Q00148) as reasonable exceptions to the policy, and that, for example, ComSign's delay of one year (2022 Apr 26) is seen as acceptable, just like Microsoft's delay to 2021 Oct 2. Similarly, with respect to [Item 9](https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a054o00000EL1Fo&QuestionId=Q00152,Q00155,Q00153), we see CAs indicating they do not plan to comply with (existing) CCADB and Mozilla policies until 2022, such as TWCA. Should Comment #1 be interpreted as Mozilla saying such non-compliance is acceptable? Are there any other sources that the community should review to understand where Mozilla may have granted exceptions to Mozilla Root Store Policy and/or CCADB policy? This might help reduce the churn of bugs.
Bug 1713976 Comment 2 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Ben: Could you clarify - does this mean that responses to Mozilla CA Communications may be used to excuse a CA from complying with Mozilla Policy? For example, I don't see a response from Amazon indicating the intentional non-compliance in [Item 1](https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a054o00000EL1Fo&QuestionId=Q00129,Q00142) of the [April 2021 CA Communication](https://wiki.mozilla.org/CA/Communications#April_2021_CA_Communication). It sounds like you're saying Mozilla finds the answers to [Item 7](https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a054o00000EL1Fo&QuestionId=Q00140,Q00150,Q00148) as reasonable exceptions to the policy, and that, for example, ComSign's delay of one year (2022 Apr 26) is seen as acceptable, just like Microsoft's delay to 2021 Oct 2. Similarly, with respect to [Item 9](https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a054o00000EL1Fo&QuestionId=Q00152,Q00155,Q00153), we see CAs indicating they do not plan to comply with (existing) CCADB and Mozilla policies until 2022, such as TWCA. Should Comment #1 be interpreted as Mozilla saying such non-compliance is acceptable? Are there any other sources that the community should review to understand where Mozilla may have granted exceptions to Mozilla Root Store Policy and/or CCADB policy? This might help reduce the churn of bugs.