date:20151124

RE: NSS FIPS certified library

2015-11-24 Thread Eric Halbritter

I cannot speak on Mozilla behalf, but this is expected. FIPs validation can 
take up to two years after submission. The FIPS validation soft token is in 
3.12.6 per their site.



There may be an update, you can search NIST directly for already validated, 
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm or this 
link to see what is in process, 
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf (opens a 
PDF).



From: Ananya [mailto:ananya.ya...@gmail.com]
Sent: Tuesday, November 24, 2015 3:11 PM
To: Eric Halbritter
Cc: dev-security-policy@lists.mozilla.org
Subject: Re: NSS FIPS certified library



Thanks, Eric. That is back from 2011. Is that the latest? There have been 
newer version of NSS out since then.



On Tue, Nov 24, 2015 at 2:07 PM, Eric Halbritter 
 wrote:

https://wiki.mozilla.org/FIPS_Validation



-Original Message-
From: dev-security-policy
[mailto:dev-security-policy-bounces+eric.halbritter 
 
=identrust@lists.mozi
lla.org] On Behalf Of Ananya
Sent: Tuesday, November 24, 2015 2:43 PM
To: dev-security-policy@lists.mozilla.org
Subject: NSS FIPS certified library

Hi there,
Can anyone confirm that the latest FIPS certified NSS library is 3.12.4 Is
there anything more recent that is FIPs certieid - 3.16? 3.12.9?

-Ananya

___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy





smime.p7s
Description: S/MIME cryptographic signature
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Re: NSS FIPS certified library

2015-11-24 Thread Ananya

Thanks, Eric. That is back from 2011. Is that the latest? There have been
newer version of NSS out since then.

On Tue, Nov 24, 2015 at 2:07 PM, Eric Halbritter <
eric.halbrit...@identrust.com> wrote:

> https://wiki.mozilla.org/FIPS_Validation
>
>
> -Original Message-
> From: dev-security-policy
> [mailto:dev-security-policy-bounces+eric.halbritter
> =identrust@lists.mozi
> lla.org] On Behalf Of Ananya
> Sent: Tuesday, November 24, 2015 2:43 PM
> To: dev-security-policy@lists.mozilla.org
> Subject: NSS FIPS certified library
>
> Hi there,
> Can anyone confirm that the latest FIPS certified NSS library is 3.12.4 Is
> there anything more recent that is FIPs certieid - 3.16? 3.12.9?
>
> -Ananya
> ___
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
>
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

NSS FIPS certified library

2015-11-24 Thread Ananya

Hi there,
Can anyone confirm that the latest FIPS certified NSS library is 3.12.4
Is there anything more recent that is FIPs certieid - 3.16? 3.12.9?

-Ananya
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Re: SECOM Request for EV Treatment

2015-11-24 Thread Kathleen Wilson


On 11/19/15 11:00 PM, h-k...@secom.co.jp wrote:


Dear Kathleen-san,

The updated CP for detailed descrition(the certificate subscriber 
owns/controls) about domain verification for the section 3.2.7 is attached on 
bugzilla.
https://bugzilla.mozilla.org/attachment.cgi?id=8689921
Email address verification does not apply to this EV SSL CP/CPS.

The corresponding section were made comprehensible by blue characters.

Thank you for your consideration.




Thank you, Kamo-san.

All,

As requested, the CP has been updated to reflect what SECOM does in 
regards to domain name validation. Note that this information was 
already available on the SECOM website, but we asked that it also be 
added to their CP.


Here is the text that was added to the CP:
~~
The authentication method is as follows:
1. Using the WHOIS registry service, SECOM Trust System verifies that 
the relevant subscriber owns the domain to which the Certificate pertains.
2. Should the owner of the domain be different from the subscriber, 
SECOM Trust Systems authenticates the domain by having the domain owner 
submit to SECOM Trust Systems a document granting subscriber the 
permission to use the domain or by sending a verification e-mail to the 
e-mail address of the domain owner registered in the WHOIS registry service.

~~

If everyone is OK with this, then I will proceed with recommending 
approval of this request to enable EV treatment for the "Security 
Communication RootCA2" root certificate.


I will also track an action item to ensure that SECOM adds the updates 
in the translated version of their CP back to the original CP.


Kathleen

___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

RE: NSS FIPS certified library

Re: NSS FIPS certified library

NSS FIPS certified library

Re: SECOM Request for EV Treatment

4 matches

Site Navigation

Mail list logo

Footer information