On 5/20/14, 12:32 PM, Kurt Roeckx wrote:
On Tue, May 20, 2014 at 11:23:54AM -0700, Kathleen Wilson wrote:
On 5/20/14, 10:03 AM, Kurt Roeckx wrote:
Conclusions
Some of the CA/Browser Forum baseline requirements seem to be getting
adopted well, but there are still some certificates generated that
don't follow the requirements. Other requirements don't seem to get
adopted. Those that don't get adopted seem to have to do with things
about the CA itself and not with the subject of the certificates.

Maybe we should re-visit the idea of a "wall of shame", and publicly list
the CAs who are still issuing certificates with the following problems.

I'm not sure how I feel about the wall of shame.

News
May 2013: I've been contacting CAs about the missing subject
alternative name extension, since I think that's currently the
biggest problem. Hopefully we'll see things improve over time.

Thank you for doing that! How has it been going?

I actually didn't get any reply from the CAs (that are in the
Mozilla program) so far. I guess we'll have to wait and see.


Kurt



Another approach is to file a Bugzilla bug for each CA who is issuing new certs with the problems Mozilla cares about (i.e. the things I listed).

You can file the bug as
https://bugzilla.mozilla.org/enter_bug.cgi?product=mozilla.org&component=CA%20Certificates

The bug will get assigned to me, and I can add the corresponding CA person to the bug.

Thanks,
Kathleen



_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
