Re: Policy Update Proposal: Timeline for Disclosing SubCAs

2015-11-05 Thread Kathleen Wilson
On 11/3/15 7:09 PM, Ryan Sleevi wrote: On Tue, November 3, 2015 4:24 pm, Kathleen Wilson wrote: Topic to discuss [1]: (D3) Make the timeline clear about when the audit statements and disclosure has to happen for new audited/disclosed subCAs. What further clarification needs to be

Policy Update: section 8 of Maintenance Policy

2015-11-05 Thread Kathleen Wilson
The next two topics to discuss [1] have to do with section 8 of Mozilla’s CA Certificate Maintenance Policy. The proposals are: - (D15) Deprecate SHA-1 Hash Algorithms in certs. and - (D4) In item #8 of the Maintenance Policy recommend that CAs avoid SHA-512 and P-521, especially in their CA

Re: Policy Update: section 8 of Maintenance Policy

2015-11-05 Thread Kathleen Wilson
On 11/5/15 10:58 AM, David E. Ross wrote: Rather than list acceptable key types and sizes, cite the Baseline Requirements along with listing exceptions, both types and sizes that are not supported but are in the BR and types and sizes that are supported but are not in the BR. I would not be

Re: Firefox security too strict (HSTS?)?

2015-11-05 Thread Andy
It might for you but maybe something between your system and hers is different so it works for you but not for her as my sig line says I am a computer tech I build sell service and consult. Sometimes you can have 2 identical systems side by side and one will work fine and the other has

Re: Policy Update: section 8 of Maintenance Policy

2015-11-05 Thread sjw
I would like to see SHA-3 signatures and Ed25519/curve25519 ASAP. The latter one is not that far away [1]. Maybe it's the right time to consider them? [1] https://bugzilla.mozilla.org/show_bug.cgi?id=957105 On 05.11.2015 at 19:46, Kathleen Wilson wrote: > The next two topics to discuss [1] have

CA Community in Salesforce

2015-11-05 Thread Kathleen Wilson
All, As many of you know, we've been working to customize Salesforce to create a CA Community that enables CAs to directly provide the data for all of the publicly disclosed and audited subordinate CAs chaining up to root certificates in Mozilla's program, and to also directly provide data

Re: Policy Update Proposal: Timeline for Disclosing SubCAs

2015-11-05 Thread Ryan Sleevi
On Thu, November 5, 2015 12:51 pm, Charles Reiss wrote: > My impression is that Mozilla need not be explicitly notified of new > subCAs; the > disclosure may take the form of an update on the CA's website (perhaps > even just > a new version of the CPS). If so, this would seem to make it

Re: Update to phasing out SHA-1 Certs

2015-11-05 Thread Kathleen Wilson
On 11/5/15 11:34 AM, s...@gmx.ch wrote: It seems that we are going to untrust SHA-1 generally on July 1, 2016 [1]. Do we already have a bug number for this? https://bugzilla.mozilla.org/show_bug.cgi?id=942515 I think certificates with 'notAfter >= 2017-7-1' should get a triangle instead

Re: Policy Update: section 8 of Maintenance Policy

2015-11-05 Thread David E. Ross
On 11/5/2015 11:10 AM, Kathleen Wilson wrote: > On 11/5/15 10:58 AM, David E. Ross wrote: >> >> Rather than list acceptable key types and sizes, cite the Baseline >> Requirements along with listing exceptions, both types and sizes that >> are not supported but are in the BR and types and sizes

Re: Automated the Included CA List

2015-11-05 Thread Kathleen Wilson
On 8/4/15 1:26 PM, Peter Bowen wrote: On Tue, Aug 4, 2015 at 1:17 PM, Kathleen Wilson wrote: The Included CAs list is now being automatically generated directly from Salesforce: https://mozillacaprogram.secure.force.com/CA/IncludedCACertificateReport Is there a way to

Re: Policy Update Proposal: Timeline for Disclosing SubCAs

2015-11-05 Thread Charles Reiss
On 11/04/15 00:24, Kathleen Wilson wrote: > Topic to discuss [1]: > “(D3) Make the timeline clear about when the audit statements and disclosure > has > to happen for new audited/disclosed subCAs. > > Section 10 of the Inclusion Policy says: >