I've added a few more issues that were recently created to the list for 2.7: https://github.com/mozilla/pkipolicy/labels/2.7
176 - Clarify revocation requirements for S/MIME certs 175 - Forbidden Practices wiki page says email validation cannot be delegated to 3rd parties I plan to begin posting issues for discussion shortly. On Fri, Mar 8, 2019 at 2:12 PM Wayne Thayer <[email protected]> wrote: > Later this month, I would like to begin discussing a number of proposed > changes to the Mozilla Root Store policy [1]. I have reviewed the list of > issues on GitHub and labeled the ones that I recommend discussing: > https://github.com/mozilla/pkipolicy/labels/2.7 They are: > > 173 - Strengthen requirement for newly included roots to meet all current > requirements > 172 - Update section 5.3 to include Policy Certification Authorities as an > exception to the mandatory EKU inclusion requirement > 171 - Require binding of CA certificates to CP/CPS > 170 - Clarify Section 5.1 about allowed ECDSA curve-hash pair > 169, 140 - Extend Section 8 to also encompass subordinate CAs > 168, 161, 158 - Require Incident Reports, move practices into policy > 163 - Require EKUs in end-entity certificates (S/MIME) > 162 - Require disclosure of CA software vendor/version in incident report > 159 - Clarify section 5.3.1 Technically Constrained > 152 - Add EV audit exception for policy constrained intermediates > 151 - Change PITRA to Point-in-Time assessment in section 8 > > I will appreciate any feedback on the proposed list of issues to discuss. > > I do recognize that the current DarkMatter discussions could result in the > need to add some additional items to this list. > > I have created a new branch for drafting these changes [1] and made one > commit that adds a bullet to the BR Conformance section informing the > reader that Mozilla policy has a more restrictive list of approved > algorithms [3] > > As we've done in the past, I plan to post individual issues for discussion > in small batches over the next few months, with the goal of finalizing > version 2.7 by June. > > - Wayne > > [1] > https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ > [2] https://github.com/mozilla/pkipolicy/blob/2.7/rootstore/policy.md > [3] https://github.com/mozilla/pkipolicy/issues/167 > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
