On Wed, May 4, 2016 at 5:41 PM, Dimitris Zacharopoulos <[email protected]>
wrote:

>
>
>
> On 5 May 2016, at 00:18, Rob Stradling <[email protected]> wrote:
>
> On 04/05/16 22:13, Richard Barnes wrote:
>
> On Wed, May 4, 2016 at 4:33 PM, Rob Stradling wrote:
>
> <snip>
>
>    My reading of the Mozilla CA Policy and the March 2016 CA
>    Communication is that expired intermediate certificates must be
>    disclosed to Mozilla.
>
>
> The policy assigns the disclosure requirement to "All certificates that
> are capable of being used to issue new certificates".  Doesn't that
> exclude expired?
>
>
>
> https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/
> provides this definition:
> "8. A certificate is deemed as capable of being used to issue new
> certificates if it contains an X.509v3 basicConstraints extension, with the
> cA boolean set to true."
>
> There's no mention of expired certs being excluded AFAICT.
>
>
>
> https://wiki.mozilla.org/CA:SalesforceCommunity#Which_intermediate_certificate_data_should_CAs_add_to_Salesforce.3F
>
> The above link clarifies that
>
>
>    - CAs should *not* add records for:
>       - Expired intermediate certificates
>
>
> It seems a bit conflicting but it is more recent and very specific to
> Salesforce.
>

This is perhaps something we should clarify in the policy.

--Richard



>
>
> Dimitris.
>
>
>
> --Richard
>
>
>
>
>        e.g.
>        https://crt.sh/?sha1=c1b471f0fd9220f4d77f128b423fc5c9e688476e
>        expired some years ago as far as I can see but is currently on
>        the "should disclose" list.
>
>        * With lots of similar, long tables on a page it can be hard to
>        be sure what you're looking at after scrolling or searching.
>        Setting a different pastel CSS background for each of the
>        tables, and using the same colours in the summary table at the
>        top could signal which table you're looking at without being a
>        lot of work to implement. Fancier solutions exist of course.
>
>    I'll tweak the colours.
>
>    (Fancier solutions are probably out of reach given my meagre webdev
>    skills ;-) ).
>
>
> --
> Rob Stradling
> Senior Research & Development Scientist
> COMODO - Creating Trust Online
> _______________________________________________
> dev-security-policy mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-security-policy
>
>