On Wednesday, October 19, 2016 at 3:13:50 PM UTC-7, okaphone.e...@gmail.com
wrote:
> Perhaps "haste" is not what you want here. How about "urgency"?
>
Yep. Changed in the wiki page.
Thanks,
Kathleen
Perhaps "haste" is not what you want here. How about "urgency"?
CU Hans
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
On Wednesday, October 19, 2016 at 11:50:55 AM UTC-7, Gervase Markham wrote:
>
> Today at the CAB Forum I outlined some of Mozilla's thinking on how we
> rate the severity of incidents. It might be helpful to reproduce that
> here. This is what I said:
>
Thanks, Gerv!
I added that text to the
Hello,
Thank you for the links. I note, however, that there's at least one
difference between the native language version and the English translation:
http://www.gdca.com.cn/cps/cps version 4.3 has a section 4.2.4 covering
CAA.
https://bug1128392.bmoattachments.org/attachment.cgi?id=8795091
On 19/10/16 11:35, longol...@gmail.com wrote:
> Hey Kathleen, hey list,
>
> I really don't get why Mozilla is pushing so hard on the Chinese and
> at the same time let others get away. For example the Comodo case
> from today. Isn't that a much worse incident than what has happened
> here?
On Wednesday, October 19, 2016 at 12:58:49 AM UTC-7, Kurt Roeckx wrote:
> I at least have some concerns about the current gossip draft and talked
> a little to dkg about this. I should probably bring this up on the trans
> list.
>
Please do, we would like to see this brought to closure soon
SUMMARY:
Comodo was informed by security researchers Florian Heinz and Martin Kluge
that on 23rd September 2016 they had been able to obtain a server
authentication certificate [1] from Comodo for a domain which they did not
own or control.
The researchers shared their discovery with Comodo and
On 19 October 2016 at 02:58, Kurt Roeckx wrote:
> On 2016-10-19 01:37, Rob Stradling wrote:
>>
>> On 18/10/16 23:49, Gervase Markham wrote:
>>>
>>> On 18/10/16 15:42, Ryan Hurst wrote:
I do not understand the desire to require StartCom / WoSign to not
utilize their
Peter Gutmann wrote:
> Ryan Sleevi writes:
>
>> What is the goal of the root program? Should there be a higher bar for
>> removing CAs than adding them? Does trust increase or decrease over time?
>
> Another thing I'd like to bring up is the absolute silence of the CAB forum
>
On 2016-10-19 01:37, Rob Stradling wrote:
On 18/10/16 23:49, Gervase Markham wrote:
On 18/10/16 15:42, Ryan Hurst wrote:
I do not understand the desire to require StartCom / WoSign to not
utilize their own logs as part of the associated quorum policy.
My original logic was that it could be
It is true, that without gossip, CT is dependent on browsers monitoring the log
ecosystem, this is one reason why in the Chrome policy the one Google log is
required.
I would argue, with the monitoring Google does and the one Google log policy
that this risk is mitigated sufficiently, even