Thanks, Corey. I'm wondering whether we should salvage anything in that section? We could rename it "Other PKI Hierarchies", delete the second paragraph and other wording that refers to "non-disclosable", etc., and make other tweaks to keep the section and the discussion of submitting an intermediate CA certificate as a trust anchor. Thoughts anyone?
Thanks again, Ben On Wed, Apr 20, 2022 at 11:12 AM Corey Bonnell <[email protected]> wrote: > Hi Ben, > > I believe the “Non-disclosable Intermediate Certificates” section of the > “CA/Subordinate CA Checklist” Wiki page [1] should be deleted given that > Mozilla is now requiring the disclosure of all TCSA certificates, > regardless of technical constraints. > > > > Thanks, > > Corey > > > > [1] > https://wiki.mozilla.org/CA/Subordinate_CA_Checklist#Non-disclosable_Intermediate_Certificates > > > > *From:* [email protected] <[email protected]> *On > Behalf Of *Ben Wilson > *Sent:* Wednesday, April 13, 2022 1:18 PM > *To:* [email protected] <[email protected]> > *Subject:* Policy 2.8: Final Review of MRSP v. 2.8 > > > > All, > > > > Here are links helpful during your final review of version 2.8 of the > Mozilla Root Store Policy (MRSP) : > > > > https://github.com/BenWilson-Mozilla/pkipolicy/blob/2.8/rootstore/policy.md > > https://github.com/mozilla/pkipolicy/compare/master...BenWilson-Mozilla:2.8 > (redlined) > > > > Please review the changes and provide any additional comments by the end > of Tuesday, April 19, 2022. > > > > My plan is to move this version over to the Mozilla pkipolicy repository > on Github <https://github.com/mozilla/pkipolicy/tree/master/rootstore>, > and then I'll request that it be published on Mozilla's website > <https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/> > to replace version 2.7.1. > > > > Thanks, > > > > Ben > > -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaby8DypMdN2ih3xF_nf0FoshtaKUes-KC%2Baxfi-3cRiqw%40mail.gmail.com > <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaby8DypMdN2ih3xF_nf0FoshtaKUes-KC%2Baxfi-3cRiqw%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaajWyZEhN2%3D%3DxbLYEAgaD8VdPmowU3cvwbVpSwfno48%3Dg%40mail.gmail.com.
