The proposed legislation says that browsers “can’t do adicional validations on the certificates from the CA” (more or less this wording) meaning a simple check CAA DNS check from a browser would be against said legislation.
Does a “warning, cert issued by a government agency” count as additional validation?
Or maybe everyone is going to use cert pinning now. Or Firefox is going to stop trusting all CAs and make you verify each CA yourself. Which is a terrible idea for the average user.
The proposed legislation says that browsers “can’t do adicional validations on the certificates from the CA” (more or less this wording) meaning a simple check CAA DNS check from a browser would be against said legislation.
Does a “warning, cert issued by a government agency” count as additional validation?
Or maybe everyone is going to use cert pinning now. Or Firefox is going to stop trusting all CAs and make you verify each CA yourself. Which is a terrible idea for the average user.
From what I gather they can’t do that either.
Same as above. This would be effectively “adicional validations on the certificates”.
Would be legal but annoying. Bet they would legislate to force their CAs / be exempt from that user verification.