Thanks for the suggestion Jakob. I will pass it on to the engineering team.
On Fri, Sep 7, 2018 at 8:04 AM Jakob Bohm via dev-security-policy < [email protected]> wrote: > On 07/09/2018 15:55, Bruce wrote: > > On Thursday, September 6, 2018 at 7:44:15 PM UTC-4, Wayne Thayer wrote: > >> All, > >> > >> I've drafted a new email and survey that I hope to send to all CAs in > the > >> Mozilla program next week. it focuses on compliance with the new (2.6.1) > >> version of our Root Store Policy. I would appreciate your feedback on > the > >> draft: > >> > >> > https://ccadb-public.secure.force.com/mozillacommunications/CACommunicationSurveySample?CACommunicationId=a051J00003rMGLL > >> < > https://ccadb-public.secure.force.com/mozillacommunications/CACommunicationSurveySample?CACommunicationId=a051J00003mogw7 > > > >> > >> Thanks, > >> > >> Wayne > > > > With regard to the actions. > > > > ACTION 6 - Can we select CA certificates which we do not want > pre-loaded? In some cases the CA certificate is no longer used and does not > need pre-loading. > > > > ACTION 7 - Although we support the Chrome CT requirement, we do have a > process to allow customers to choose not to CT log their certain SSL > certificates. We do not redact names, but I suppose we allow a customer to > redact certificates. As such, I don't think the responses listed in action > 7 covers this model. > > > > Thanks, Bruce. > > > > The CRLite document linked from the draft is an old scientific article > that contains some factually wrong assumptions, which will hopefully be > fixed in Mozilla's implementation anyway. > > Would it be useful for Mozilla's CRLite implementation to accept lists > of certificates from a source much shorter than the Google CT logs, for > example a CRL-like file (signed by the CA) containing only the minimum > number of attributes (serial number only for now) for each issued > certificate? > > > Enjoy > > Jakob > -- > Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com > Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 > This public discussion message is non-binding and may contain errors. > WiseMo - Remote Service Management for PCs, Phones and Embedded > > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
