在 2016年11月18日星期五 UTC+8下午10:05:46,Gervase Markham写道:
> On 18/11/16 11:38, wangsn1...@gmail.com wrote:
> > GDCA takes security and governance seriously and we have a strict
> > control for Chinese version CP/CPS, all the contents are disclosed.
> > And The Chinese versions for CPS 4.1, 4.2, 4.3 are p
Gervase Markham wrote:
> RFC 6962bis (the new CT RFC) allows certs below technically-constrained
> sub-CAs (TCSCs) to be exempt from CT. This is to allow name privacy.
> TCSCs themselves are also currently exempt from disclosure to Mozilla in
> the Common CA Database.
>
> If this is the only priv
Gervase Markham wrote:
> On 18/11/16 01:43, Brian Smith wrote:
> > The fundamental problem is that web browsers accept certificates with
> > validity periods that are years long. If you want to have the agility to
> > fix things with an N month turnaround, reject certificates that are valid
> > f
On 18/11/16 14:28, Jeremy Rowley wrote:
> So much has changed since the last time we discussed shorter
> validity periods at CAB forum that it'd be worth bringing up again. I
> think the vocal minority opposed the change last time and they may
> have switched positions by now.
I like your optimis
On Monday, November 14, 2016 at 10:00:31 AM UTC-8, Peter Bowen wrote:
> Is there a CSV version of the upcoming root removals report?
> https://mozillacaprogram.secure.force.com/CA/UpcomingRootRemovalsReport
>
> Thanks,
> Peter
https://wiki.mozilla.org/CA:RemovedCAcerts
has these links:
Upcoming
So much has changed since the last time we discussed shorter validity periods
at CAB forum that it'd be worth bringing up again. I think the vocal minority
opposed the change last time and they may have switched positions by now.
> On Nov 18, 2016, at 7:12 AM, Gervase Markham wrote:
>
>> On 1
On 18/11/16 01:43, Brian Smith wrote:
> The fundamental problem is that web browsers accept certificates with
> validity periods that are years long. If you want to have the agility to
> fix things with an N month turnaround, reject certificates that are valid
> for more than N months.
That's all
On 18/11/16 00:28, Andrew Ayer wrote:
> I see the appeal of this. However, I'm concerned that allowing
> leniency with name-constrained TCSCs will make it hard for Mozilla to
> make security improvements to its certificate validation in the
> future. Improvements like rejecting SHA-1, 1024-bit RS
On 18/11/16 11:38, wangsn1...@gmail.com wrote:
> GDCA takes security and governance seriously and we have a strict
> control for Chinese version CP/CPS, all the contents are disclosed.
> And The Chinese versions for CPS 4.1, 4.2, 4.3 are published on the
> official website, so we cannot cover-up an
在 2016年11月17日星期四 UTC+8下午7:20:05,Gervase Markham写道:
> Hi Kathleen,
>
> On 15/11/16 00:51, Kathleen Wilson wrote:
> > There were some recommendations to deny this request due to the
> > versioning problems between the English documents and the original
> > documents.
> >
> > Do you all still feel t
10 matches
Mail list logo