Re: Guang Dong Certificate Authority (GDCA) root inclusion request

2016-10-26 Thread Peter Kurrasch
I think these are both good points and my recommendation is that Mozilla deny GDCA's request for inclusion. We should not have to explain something as basic as document versioning and version control. If GDCA can

Re: Draft Email - Non-Disclosed SubCAs

2016-10-26 Thread Kathleen Wilson
To be clear, this particular email will just be going to the CAs listed here: https://crt.sh/mozilla-disclosures#undisclosedsummary The intention of the email is to remind those CAs that they have an overdue action item, that needs to be completed. It is not the intention of this email to

Re: Distrusting New WoSign and StartCom Certificates -- Mozilla Security Blog

2016-10-26 Thread Percy
Kathleen, This coverage is very encouraging! Among the sites you included, huanqiu, which is a newspaper operated by the central government, is notable. So far, no censorship has been observed, contrary to the blanket censorship of the previous CNNIC case.

RE: Technically Constrained Sub-CAs and the BRs

2016-10-26 Thread Jeremy Rowley
One thing I forgot to mention: Although I think Virginia's view of the process is fine, passing the ballot now puts the requirement into a weird status where it may be adopted or not adopted, depending on the CA's interpretation on when changes are adopted. This then becomes an exercise in

Re: Technically Constrained Sub-CAs and the BRs

2016-10-26 Thread Ryan Sleevi
On Wednesday, October 26, 2016 at 3:52:23 AM UTC-7, Gervase Markham wrote: > Perhaps it would be worth revisiting the reasons why technically > constrained sub-CAs were excluded from Mozilla policy. As I remember, > this was a privacy requirement - CAs wanted to be able to have some > sub-CAs

Re: Distrusting New WoSign and StartCom Certificates -- Mozilla Security Blog

2016-10-26 Thread Kathleen Wilson
More links in simplified Chinese: Weibo: http://weibo.com/1663337394/EeutZ447K?type=comment#_rnd1477447436655 Toutiao: http://www.toutiao.com/i6345313124182131201/ Below is some coverage from China, all coverage contained message pull-through from Mozilla's blog post and mentioned WoSign's

Re: Technically Constrained Sub-CAs and the BRs

2016-10-26 Thread okaphone . elektronika
Reading this makes me wonder. Will it still be possible to have such a thing as a non disclosed sub-CA now that Chrome has announced that they soon will require CT? CU Hans

Re: Technically Constrained Sub-CAs and the BRs

2016-10-26 Thread Kurt Roeckx
On Tue, Oct 25, 2016 at 12:12:47PM -0700, Ryan Sleevi wrote: > 8. All certificates that are capable of being used to issue new certificates, > and which directly or transitively chain to a certificate included in > Mozilla’s CA Certificate Program, MUST be operated in accordance with >

Re: Technically Constrained Sub-CAs and the BRs

2016-10-26 Thread Gervase Markham
On 26/10/16 02:30, Ryan Sleevi wrote: > So we certainly know that Mozilla's policies are, in some ways, > designed to minimize the number of errors that users are presented > with, by allowing a gradual fade out of insecure or undesirable > practices. A change in the BRs is, in theory, supposed to

Re: Distrusting New WoSign and StartCom Certificates -- Mozilla Security Blog

2016-10-26 Thread Nigel Kukard
On Tuesday, 25 October 2016 4:30:39 PM UTC Percy wrote: > StartCom on the other hand, issued no announcement > (https://startssl.com/News) even under multiple explicit inquiries from > multiple users > (https://forum.startcomca.com/viewforum.php?f=16=549011a08d3a081898f1e1 > 542d3ecc10). There is

Re: Technically Constrained Sub-CAs and the BRs

2016-10-26 Thread Nick Lamb
On Wednesday, 26 October 2016 02:31:07 UTC+1, Ryan Sleevi wrote: > Yes. There is no obligation or expectation, presently communicated, to revoke > extant certificates. Indeed, CAs were adamantly opposed to such a > requirement. So these certificates will still very much be valid. Ah yes, I had