> -----Original Message-----
> From: dev-security-policy [mailto:dev-security-policy-
> [email protected]] On Behalf Of
> Kathleen Wilson
> Sent: 29 May 2014 01:17
> To: [email protected]
> Subject: Re: Clarification of disclosure - Only those Issuing or all?
 
> 
> After further consideration, I am now of the opinion that we should
> collect some information about subordinate CAs in this mode.
> 
> I could create another spreadsheet for SubCAs that are in CRL/OCSP mode,
> and it could have columns for
>   Name of SubCA (optional)
>   SubCA Cert's Issuer Hash
>   SubCA Cert's Issuer Public Key Hash
>   SubCA Cert Issuer Serial Number
>   Date of last cert issuance
>   Date of last cert expiration
> 
> 
> Does that sound reasonable?
> 
> Kathleen
> 

Hi Kathleen,

I presume you mean that you need the Optional Name, SKI, S/N and overall
certificate hash of the SubCA (rather than its issuer).  I have no problems
in sending these through as this does not reveal anything significant but
clearly highlights the number in existence.

Please note that I will be sending all information needed tomorrow as per
the deadline but will not have the details of the last certificate (issuance
date and expiry) as I will need to poll my customers for this, but I will
follow up as soon as possible as the number of CAs in this mode is now quite
limited.

This looks like a good compromise.

Steve


_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
