Re: Behavior changes - inhibitAnyPolicy extension

2014-05-06 Thread David E. Ross
On 5/6/2014 3:48 PM, Kathleen Wilson wrote: > On 5/6/14, 11:36 AM, Kathleen Wilson wrote: >> I updated >> https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Behavior_Changes >> >> >> "5. A certificate will not be considered an EV certificate if >> mozilla::pkix cannot build a path to a tr

Re: Behavior changes - inhibitAnyPolicy extension

2014-05-06 Thread Brian Smith
On Tue, May 6, 2014 at 3:48 PM, Kathleen Wilson wrote: > It has been brought to my attention that the above statement is very > difficult to understand. > > Any preference? > Let's just fix bug 989051 so that we can remove this statement completely. It makes more sense to fix our bugs than i

Re: Second Discussion of WoSign Root Inclusion Request

2014-05-06 Thread Kathleen Wilson
On 4/8/14, 4:38 PM, Kathleen Wilson wrote: The first discussion of this request was here: https://groups.google.com/d/msg/mozilla.dev.security.policy/DYrrxCsD6CA/9y8a5NnshRgJ The discussion was closed because one of the root certificates under consideration had been recently created and not audi

Re: QuoVadis Request to Include Renewed Roots

2014-05-06 Thread Kathleen Wilson
On 4/24/14, 1:16 PM, Kathleen Wilson wrote: On 4/7/14, 5:42 PM, Kathleen Wilson wrote: QuoVadis has applied to include the “QuoVadis Root CA 1 G3”, “QuoVadis Root CA 2 G3”, and “QuoVadis Root CA 3 G3” root certificates, turn on all three trust bits for the RCA1 and RCA3 root certs, and turn on t

Re: Behavior changes - inhibitAnyPolicy extension

2014-05-06 Thread Kathleen Wilson
On 5/6/14, 11:36 AM, Kathleen Wilson wrote: I updated https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Behavior_Changes "5. A certificate will not be considered an EV certificate if mozilla::pkix cannot build a path to a trusted root that does not contain any certificates with the i

Re: DRAFT: May CA Communication

2014-05-06 Thread Brian Smith
On Mon, May 5, 2014 at 4:45 PM, Kathleen Wilson wrote: > OK. Changed to the following. > > https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Things_for_CAs_to_Fix > -- > 1. For all new intermediate certificate issuance, use the "TLS Web Server > Authentication (1.3.6.1.5.5.7.3.1)" (

Re: DRAFT: May CA Communication

2014-05-06 Thread Kathleen Wilson
On 5/6/14, 12:58 PM, Brian Smith wrote: > On Mon, May 5, 2014 at 4:45 PM, Kathleen Wilson wrote: > > OK. Changed to the following. > > https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Things_for_CAs_to_Fix > -- > 1. For all new intermediate certificate issuance, use th

Re: DRAFT: May CA Communication

2014-05-06 Thread Kathleen Wilson
On 5/2/14, 1:36 PM, Peter Bowen wrote: I don't think the policy allows for "c" (in regards to SSL certs). I hope that eventually all of the non-technically constrained intermediate certs will be part of some sort of database of allowed (known and audited) intermediates. Then SSL certificate path

Re: Behavior changes - inhibitAnyPolicy extension

2014-05-06 Thread Kathleen Wilson
On 4/28/14, 6:47 PM, Brian Smith wrote: [+dev-tech-crypto; Please discuss technical details of mozilla::pkix on dev-tech-crypto and save dev-security-policy for discussion about Mozilla's CA inclusion policies. There has been and will be a lot of technical discussion on the behavior differences a