Re: 2020.02.29 Let's Encrypt CAA Rechecking Bug
On Thursday, 5 March 2020 13:10:38 UTC, Julien Cristau wrote: > I believe that's what https://bugzilla.mozilla.org/show_bug.cgi?id=1619179 > is about. > > Cheers, > Julien > Ah, my bad - that bug hadn't surfaced on MDSP ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: 2020.02.29 Let's Encrypt CAA Rechecking Bug
On Tuesday, 3 March 2020 15:37:00 UTC, Jacob Hoffman-Andrews wrote: > We've posted our Incident Report at > https://bugzilla.mozilla.org/show_bug.cgi?id=1619047#c1. In light of https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591/3, should LE file a 2nd bug report about their decision not to revoke certificates within the BR limits? ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: DRAFT January 2020 CA Communication
On Wednesday, 8 January 2020 03:01:00 UTC, Wayne Thayer wrote: > Responses will be published on the wiki [1] as they are received. Please > note that the responses for questions 2, 3, and 5 do not yet properly > display the date fields that were recently added. AFAICS, for Q5 it looks as if it's *only* displaying the date, and not the associated free-format comments field. //M ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: DRAFT January 2020 CA Communication
On Friday, January 3, 2020 at 10:27:26 AM UTC-5, Wayne Thayer wrote: > I've made some additional improvements to the survey based on feedback from > Kathleen: > https://ccadb-public.secure.force.com/mozillacommunications/CACommunicationSurveySample?CACommunicationId=a051J3waNOW Perhaps Action 2 should be split into Action 2 Date and Action 2 Comments, as per 3 & 5? //Malcolm ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Root Store Policy 2.7 Published
On Thursday, 12 December 2019 11:07:24 UTC, Malcolm Doody wrote: > On Wednesday, 11 December 2019 15:42:21 UTC, Wayne Thayer wrote: > > The new version of the Mozilla Root Store Policy has been published [1]. > > Looks like the level-4 headers (3.1.2.1 and 3.1.2.2) are in the wrong sized > font Looking, it comes down to the CSS definition for h1 to h6 in [3] There are overriding definitions for h1 to h4 (not h5 or h6) in [4] so h5 takes the larger font-size:2rem definition from [3] whereas it ought to have a font-size:1rem definition in [4] [3] https://www.mozilla.org/media/css/BUNDLES/protocol-core.f0fd276209f6.css [4] https://www.mozilla.org/media/css/BUNDLES/basic-article.25fb7ce32e56.css ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Root Store Policy 2.7 Published
On Wednesday, 11 December 2019 15:42:21 UTC, Wayne Thayer wrote: > The new version of the Mozilla Root Store Policy has been published [1]. > [1] > https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ Looks like the level-4 headers (3.1.2.1 and 3.1.2.2) are in the wrong sized font in the published document [1]; they look more like a level-1 header than a level-4 one. The same problem doesn't seem to affect the bugzilla copy [2] [1] https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ [2] https://github.com/mozilla/pkipolicy/blob/2.7/rootstore/policy.md ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Proposal: Add section 5.1 to the Common CCADB Policy
On Tuesday, 26 November 2019 16:53:21 UTC, Kathleen Wilson wrote: > The proposed section to add to the CCADB Policy (www.ccadb.org/policy) > has been updated and is here: > > https://github.com/mozilla/www.ccadb.org/issues/33#issuecomment-558714086 Typo in "Format Specifications for SHA-256 Fingerprints:" > HOULD: be encoded in the document (PDF) as select-able text, not an image SHOULD: be encoded in the document (PDF) as select-able text, not an image ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Buypass Incident Report - intermediate certificates noncompliant with BR 7.1
Are you intending to revoke all of the end-user certificates issued from the non compliant certificates? If not, then can you state why? ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy