Treading carefully…
Mozilla is the only browser related to the discussion. Probably sufficient to say that the revocation/no-revoke decision is entirely dependent on the results of this thread.

From: James Burton <[email protected]>
Sent: Thursday, December 27, 2018 6:07 PM
To: Jeremy Rowley <[email protected]>
Cc: Matt Palmer <[email protected]>; mozilla-dev-security-policy <[email protected]>
Subject: Re: Underscore characters

I'm not sure if you're allowed to state this publicly. Has Microsoft given you the go ahead?

On Fri, Dec 28, 2018 at 1:05 AM Jeremy Rowley via dev-security-policy <[email protected]> wrote:

I disagree that we won't get that. I think we could see a "it's okay to wait until April 30 for large pharmacy" or "Waiting until April 30 is too long but March 1 is okay". I don't think Mozilla wants outages either. But... if Mozilla did say that we should revoke now, that would be great as well. I'd have a firm answer I can go back with. No risk, but no exception. Well except moral risk of course....

-----Original Message-----
From: dev-security-policy <[email protected]> On Behalf Of Matt Palmer via dev-security-policy
Sent: Thursday, December 27, 2018 5:55 PM
To: [email protected]
Subject: Re: Underscore characters

On Fri, Dec 28, 2018 at 12:12:03AM +0000, Jeremy Rowley via dev-security-policy wrote:
> This is very helpful. If I had those two options, we'd just revoke all
> the certs, screw outages. Unfortunately, the options are much broader than that.
> If I could know what the risk v. benefit is, then you can make a
> better decision? DigiCert distrusted - all revoked. DigiCert gets some
> mar on its audit - outages seem worse. Make sense?

Given that Mozilla wants CAs to abide by its policies, which include adherence to the BRs, and you appear to be saying that you'll adhere to the BRs if you're threatened with distrust...
I'd say the logical response from Mozilla would be to threaten distrust. I doubt, especially now, that you'll get a categorical advance "it's OK to not revoke" from Mozilla.

- Matt

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

