It would, thanks! Regards, Andrew
On Thu, 14 Apr 2022 13:28:13 -0600 Ben Wilson <[email protected]> wrote: > Thanks, Andrew > > Would this address your comments? > > 5.4 Precertificates > > Certificate Transparency precertificates are considered by Mozilla to > be a binding intent to issue a certificate, as described in section > 3.1 of RFC 6962, and thus in-scope for enforcing compliance with > these requirements. Thus, > > · if a final certificate cannot be verified as matching a > precertificate using the algorithms in RFC 6962, then two distinct > final certificates are presumed to exist, and it is misissuance if > the two final certificates have the same serial number and issuer, > even if only one final certificate actually exists; > > · if a precertificate implies the existence of a final > certificate that does not comply with this policy, it is considered > misissuance of the final certificate, even if the certificate does > not actually exist; > > · a CA must be able to revoke a certificate presumed to exist, > if revocation of the certificate is required under this policy, even > if the final certificate does not actually exist; and > > · a CA must provide CRL and OCSP services and responses in > accordance with this policy for all certificates presumed to exist > based on the presence of a precertificate, even if the certificate > does not actually exist. > > On Thu, Apr 14, 2022 at 12:01 PM Andrew Ayer <[email protected]> > wrote: > > > Hi Ben, > > > > My comments about the precertificates section haven't been fully > > addressed: > > > > > > https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/Co65loD9i-0/m/Trt4N9QQAgAJ > > > > Regards, > > Andrew > > > > On Wed, 13 Apr 2022 11:18:24 -0600 > > Ben Wilson <[email protected]> wrote: > > > > > All, > > > > > > Here are links helpful during your final review of version 2.8 of > > > the Mozilla Root Store Policy (MRSP) : > > > > > > > > https://github.com/BenWilson-Mozilla/pkipolicy/blob/2.8/rootstore/policy.md > > > > > https://github.com/mozilla/pkipolicy/compare/master...BenWilson-Mozilla:2.8 > > > (redlined) > > > > > > Please review the changes and provide any additional comments by > > > the end of Tuesday, April 19, 2022. > > > > > > My plan is to move this version over to the Mozilla pkipolicy > > > repository on Github > > > <https://github.com/mozilla/pkipolicy/tree/master/rootstore>, and > > > then I'll request that it be published on Mozilla's website > > > < > > https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ > > > > to replace version 2.7.1. > > > > > > Thanks, > > > > > > Ben > > > > > > -- > > > You received this message because you are subscribed to the Google > > > Groups "[email protected]" group. To unsubscribe > > > from this group and stop receiving emails from it, send an email > > > to [email protected]. To view this > > > discussion on the web visit > > > > > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaby8DypMdN2ih3xF_nf0FoshtaKUes-KC%2Baxfi-3cRiqw%40mail.gmail.com > > . > > > > -- > You received this message because you are subscribed to the Google > Groups "[email protected]" group. To unsubscribe from > this group and stop receiving emails from it, send an email to > [email protected]. To view this discussion > on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaZJ1hk9Lk%2BzpZcpAa%3DSePbuXU9XQKvD0JoFTTGFR8W%2B8Q%40mail.gmail.com. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/20220414154146.df52c8f4359fdc3219517ae0%40andrewayer.name.
