Re: Work-in-Progress Version 2.3 of Mozilla CA Cert Policy

2015-11-18 Thread Eric Mill
Since the policy is now in Markdown and in GitHub, could future changes be described in a pull request on GitHub rather than just a prose description on the Mozilla wiki? A pull request on GitHub would still allow for prose description of changes, but would also provide a nicely rendered diff of th

Re: [FORGED] Name issues in public certificates

2015-11-18 Thread Peter Bowen
On Wed, Nov 18, 2015 at 5:43 PM, Brian Smith wrote: > Peter Bowen wrote: >> >> 2) For commonName attributes in subject DNs, clarify that they can only >> contain: >> >> - IPv4 address in dotted-decimal notation (specified as IPv4address >> from section 3.2.2 of RFC 3986) >> - IPv6 address in colo

RE: [FORGED] Name issues in public certificates

2015-11-18 Thread Richard Wang
Yes, we tested all browsers, and they support IP addresses. We need to update our PKI system. Thanks. Best Regards, Richard From: Brian Smith [mailto:br...@briansmith.org] Sent: Thursday, November 19, 2015 9:38 AM To: Richard Wang Cc: Peter Bowen ; Rob Stradling ; mozilla-dev-security-pol...

Re: [FORGED] Name issues in public certificates

2015-11-18 Thread Brian Smith
Peter Bowen wrote: > 2) For commonName attributes in subject DNs, clarify that they can only > contain: > - IPv4 address in dotted-decimal notation (specified as IPv4address > from section 3.2.2 of RFC 3986) > - IPv6 address in coloned-hexadecimal notation (specified as > IPv6address from section

Re: [FORGED] Name issues in public certificates

2015-11-18 Thread Brian Smith
On Tue, Nov 17, 2015 at 4:40 PM, Richard Wang wrote: > So WoSign only left IP address issue that we added both IP address and DNS > Name since some browser have warning for IP address only in SAN. > Put the IP addresses in the SAN as an iPAddress and then also put them in the Subject CN, one CN

Re: [FORGED] Name issues in public certificates

2015-11-18 Thread Peter Bowen
On Wed, Nov 18, 2015 at 10:25 AM, Ryan Sleevi wrote: > On Wed, November 18, 2015 8:56 am, Peter Bowen wrote: >> On Wed, Nov 18, 2015 at 2:22 AM, Rob Stradling >> wrote: >> > I would also like to get clarification on if/when the underscore >> > character >> > may be used in each of the name type

Re: Policy Update Proposal -- Refer to BRs for Name Constraints Requirement

2015-11-18 Thread Kathleen Wilson
On 11/5/15 11:00 AM, Kathleen Wilson wrote: On 10/28/15 10:25 AM, Kathleen Wilson wrote: Therefore, this proposal is modified to simplify item #9 of the Inclusion Policy, https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/ as follows: ~~ We encourage

Work-in-Progress Version 2.3 of Mozilla CA Cert Policy

2015-11-18 Thread Kathleen Wilson
All, The work-in-progress for version 2.3 of Mozilla's CA Certificate Policy is in GitHub: master repo: https://github.com/mozilla/ca-policy The changes made so far are listed here: https://wiki.mozilla.org/CA:CertificatePolicyV2.3#Changes_Made_to_DRAFT_Version_2.3 Additionally, the policy h

Re: [FORGED] Name issues in public certificates

2015-11-18 Thread Ryan Sleevi
On Wed, November 18, 2015 8:56 am, Peter Bowen wrote: > On Wed, Nov 18, 2015 at 2:22 AM, Rob Stradling > wrote: > > I would also like to get clarification on if/when the underscore > > character > > may be used in each of the name types. Your report seems to flag > > underscores as always prohi

Re: [FORGED] Name issues in public certificates

2015-11-18 Thread Peter Bowen
On Wed, Nov 18, 2015 at 2:22 AM, Rob Stradling wrote: > I would also like to get clarification on if/when the underscore character > may be used in each of the name types. Your report seems to flag > underscores as always prohibited (I think), but I expect that some CAs would > be surprised by th

RE: [FORGED] Name issues in public certificates

2015-11-18 Thread Richard Wang
We tested IE6/IE7/IE8 on XP SP3, and IE10/IE11 on Windows 8, all support. Firefox 3.6.3, 38 - 42, all support. Chrome 11/45/46 support. Safari 5.1.7 support. Android 4.0-5.1 support, iOS 9.1 support. It seems there is no need to modify the BR; the CA needs to update the PKI system to delete the DNS Name. Regar

RE: [FORGED] Name issues in public certificates

2015-11-18 Thread Richard Wang
We tested IE11, Firefox 42, Chrome 45 on Windows 10, all support IP address only now. So we need to test the old version browsers. I will update soon. Regards, Richard -Original Message- From: dev-security-policy [mailto:dev-security-policy-bounces+richard=wosign@lists.mozilla.org

Re: [FORGED] Name issues in public certificates

2015-11-18 Thread Rob Stradling
Peter, yes, let's discuss that list at CABForum. I would also like to get clarification on if/when the underscore character may be used in each of the name types. Your report seems to flag underscores as always prohibited (I think), but I expect that some CAs would be surprised by that. On