I don't think we should have to use a competitor's product to evaluate this. Are we permitted to set up our own instance of this using the open source to do the testing? There should be that option considering IP rights have not been freely granted on all this software.
-----Original Message----- From: dev-security-policy [mailto:dev-security-policy-bounces+jeremy.rowley=digicert.com@lists.mozilla .org] On Behalf Of Kathleen Wilson Sent: Monday, February 8, 2016 1:18 PM To: [email protected] Subject: New requirement: certlint testing All, We recently added two tests that CAs must perform and resolve errors for when they are requesting to enable the Websites trust bit for their root certificate. Test 1) Browse to https://crt.sh/ and enter the SHA-1 Fingerprint for the root certificate. Then click on the 'Search' button. Then click on the 'Run cablint' link. All errors must be resolved/fixed. Test 2) Browse to https://cert-checker.allizom.org/ and enter the test website and click on the 'Browse' button to provide the PEM file for the root certificate. Then click on 'run certlint'. All errors must be resolved/fixed. I added these to item #15 of https://wiki.mozilla.org/CA:Information_checklist#Technical_information_abou t_each_root_certificate This has sparked some discussions in Bugzilla Bugs that I think we should move here to mozilla.dev.security.policy so that everyone may benefit from the resulting decisions. So, if you have feedback or questions about these new tests, please add them here. Thanks, Kathleen _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
