On Monday, March 20, 2017 at 2:43:22 PM UTC-7, Gervase Markham wrote: > On 20/03/17 15:33, Kathleen Wilson wrote: > >> * Action 7: some of the BR Compliance bugs relate to CAs which are no > >> longer trusted, like StartCom. If StartCom does become a trusted CA > >> again, it will be with new systems which most likely do not have the > >> same bugs. Should we close the StartCom compliance bugs? > > > > Yes, I think that makes sense. > > OK, I've closed the StartCom and ANSSI bugs.
Thanks! I also finished updating bugs: https://wiki.mozilla.org/CA/ca-bugs https://wiki.mozilla.org/CA_Bug_Triage#CA_Certificate_Issuance_Problems_and_Incidents > > >> * Action 8: Can we provide more structure here, by perhaps putting some > >> boilerplate text in the answer box or something like that? Or at least > >> list the sections and actions we expect to have been done? > > > > Changed to checkboxes and a follow-up text field. Please review. > > You've added a box: "All SHA-1 based TLS/SSL certificates chaining up to > our root certificates included in Mozilla’s CA Certificate Program have > either expired or been revoked." > > I don't think we _required_ revocation of all publicly-trusted SHA-1 > certs, did we? removed > > Also, the two about "all... certificates" might need to be changed to > "Our policy now is that all... certificates". Updated > > > See action 9 here: > > https://mozilla-mozillacaprogram.cs54.force.com/Communications/CACommunicationSurveySample?CACommunicationId=a050S000000G3K2 > > You now need to remove the second bullet in this action, as it's > redundant with the reduced scope. > removed Thanks, Kathleen _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy