G’day Rich,

DM has submitted Roots intended for Public Trust to Mozilla and other browser operators, but we also operate private trust PKIs under separate anchors. These private PKIs also issue certificates to secure TLS in closed environments, but Private Roots are not in public CT Logs and therefore these private TLS certs are not logged.
Regards,

--
Scott Rea

On 2/25/19, 9:59 PM, "dev-security-policy on behalf of rich.salz--- via dev-security-policy" <[email protected] on behalf of [email protected]> wrote:

> Apart from the concerns others have already raised, I am bothered by the wording of one of the Dark Matter commitments, which says that "TLS certs intended for public trust" will be logged. What does public trust mean? Does it include certificates intended only for use within their country? Those intended to be used only on a small, privately-specified, set of recipients?
>
> Perhaps a better way to phrase my question is: what certs would DM issue that would *not* be subject to their CT logging SOP? Is there any other trusted root that has made a similar exemption?

Scott Rea | Senior Vice President - Trust Services

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

