Hi Yair,
On Mon, Feb 12, 2018 at 11:50 AM, YairE via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Hi Wayne,
> Please realize our situation versus the Israeli market. We are the major
> certificate authority and we comply with every piece of local regulation,
> we are also
All of my questions regarding the CP/CPS and audits have been answered to
my satisfaction. I am left with two concerns:
1. This root was signed on 12-March 2013. The first end-entity certificate
that I'm aware of was signed later in 2013. Mozilla began requiring BR
audits in 2014, but the first BR
I hope you can understand that trust is not just based on the state of the
world 'today', but based on everything that key has ever done and every bit
of infrastructure that key has run on.
We know that key has been run on deficient infrastructure, with deficient
software, and done deficient thing
Dear Ryan, with all due respect and we do respect you, back in 2016 all the
issues you mentioned were about the CPS and were corrected.
It took us a lot to create the documentation you've asked for.
There was no mentioning of any kind about our CA software or anything about the
root itself.
We be
On Mon, Feb 12, 2018 at 1:50 PM, YairE via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Hi Wayne,
> Please realize our situation versus the Israeli market. We are the major
> certificate authority and we comply with every piece of local regulation,
> we are also members of
Hi Wayne,
Please realize our situation versus the Israeli market. We are the major
certificate authority and we comply with every piece of local regulation, we
are also members of international forums and trying to establish a CA in the UK
with a new "international" root (Comsign International).
On Mon, Feb 12, 2018 at 11:36 AM, Kai Engert wrote:
> On 09.02.2018 22:20, Ryan Sleevi wrote:
> > As a small clarification - while Chrome has included the certificates,
> > as noted in the readme, the whitelist is based on SPKI. This was
> > intentional, to avoid situations of interoperability is
Friday was the deadline for responding to this survey. Responses are now
published at
https://wiki.mozilla.org/CA/Communications#January_2018_Responses
I would like to thank everyone who took the time to respond, and especially
those who provided detailed answers to Action 2 regarding methods 1 an
On Mon, Feb 12, 2018 at 5:36 PM, Kai Engert wrote:
> > For example, if you note, there are two Google certificates, but they
> > share the same SPKI and Subject Name - which is why the Chromium
> > whitelist only has one certificate listed, as it extracts the SPKI from
> > that resource as part o
On 09.02.2018 22:20, Ryan Sleevi wrote:
> As a small clarification - while Chrome has included the certificates,
> as noted in the readme, the whitelist is based on SPKI. This was
> intentional, to avoid situations of interoperability issues.
Hi Ryan,
IIUC, the current implementation in Firefox (
10 matches
Mail list logo