Re: Doppelganger/tripleganger intermediate certificates

2017-10-03 Thread Adriano Santoni via dev-security-policy
Kathleen, you do not see such a subordinate in CCADB because it's a technically constrained subordinate, and there is no requirement (to date) to disclose technically constrained subordinates. At any rate, I confirmed our issuance of such a subordinate in my response to Gerv on 15/5/2017 when he

Re: DigiCert-Symantec Announcement

2017-10-03 Thread Ryan Sleevi via dev-security-policy
Jeremy, I think the grouping may mix a bit of the solutions in with the problem definitions, so I tried to reword a little. Does this capture the mix of what’s been discussed? 1) Clients that support a ‘common’ root store of various CAs, including DigiCert, and do not use pinning. 2) Browser cli

Re: PROCERT issues

2017-10-03 Thread Ryan Sleevi via dev-security-policy
Hi Kathleen, With respect to providing a list - is there any requirement to ensure Mozilla accepts that as a reasonable remediation? For example, would "We plan to not do the same in the future" be an acceptable remediation plan? As currently worded, it would seem to meet the letter of this requi

Re: PROCERT issues

2017-10-03 Thread Kathleen Wilson via dev-security-policy
Here's a draft of the Bugzilla Bug that I plan to file to list the action items for PROCERT to complete before they may re-apply for inclusion in Mozilla's Root Store. I will appreciate feedback on this. == DRAFT == Subject: PROCERT: Action Items As per Bug #1403549 the PSCProcert certificate w

Re: Doppelganger/tripleganger intermediate certificates

2017-10-03 Thread Kathleen Wilson via dev-security-policy
On Friday, September 29, 2017 at 1:29:26 PM UTC-7, Rob Stradling wrote: > Several CAs have issued intermediate CA certificates with duplicate > serial numbers. This is a clear violation of the serial number > uniqueness requirement of the BRs and RFC5280 4.1.2.2. Below is a list > of all those

Issuing and using SHA-1 OCSP signing certificates

2017-10-03 Thread Doug Beattie via dev-security-policy
Hello Gerv, The BRs are clear on the use of SHA-1, but I have a question about the Mozilla policy and how it relates to the use of SHA-1 OCSP signing certificates. In December 2016 the Mozilla policy 2.3 was published and it didn't address the use of SHA-1 on OCSP signing certificates (see any

Re: Public trust of VISA's CA

2017-10-03 Thread Tim Smith via dev-security-policy
On Tuesday, September 19, 2017 at 8:13:26 AM UTC-7, Gervase Markham wrote: > In the light of this, I believe it is reasonable to discuss the question > of whether Visa's PKI (and, specifically, the VISA eCommerce Root, > https://crt.sh/?id=896972 , which is the one included in our store) > meets th