Re: Name Constraints

[Florian Weimer]

* Richard Barnes:

 I've been doing some research on the potential benefits of adding name
 constraints into the Mozilla root program.  I've drafted an initial
 proposal and put it on a wiki page:

 https://wiki.mozilla.org/CA:NameConstraints

 Questions and comments are very welcome.

A PKIX-compliant implementation of Name Constraints is not effective
in the browser PKI because these constraints are not applied to the
Common Name.

NSS used to be non-compliant (and deliberately so), so the constraints
do work there, but I don't know if that's still the case.
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Re: Automated Audit Reminder Email Templates

[Kathleen Wilson]

On 3/10/15 1:11 PM, Kathleen Wilson wrote:

On 1/22/15 1:43 PM, Kathleen Wilson wrote:

All,

As you know, we've moved the CA Program data from spreadsheets into
SalesForce.

We are now creating a program that will be run once per month to
automatically send email to CAs when audit statements are past due;
meaning that the audit statement date is over a year old.




The automated audit reminder program has been tested, and is now in our
production version of SalesForce. For the near future I will tell the
program when to run each month. I plan to run the program early next week.

The audit information I currently have for each root is listed in the
spreadsheet here: https://wiki.mozilla.org/CA:IncludedCAs

Kathleen




I ran the automated audit reminder program in production this morning, 
and it sent the corresponding emails to the CAs who have overdue audit 
statements according to the data in SalesForce.


I plan to run the program once per month.

Kathleen

___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy