Re: New undisclosed intermediates

> On Jun 7, 2017, at 21:56, Matthew Hardeman via dev-security-policy > wrote: > > On Wednesday, June 7, 2017 at 6:45:25 PM UTC-5, Jonathan Rudenberg wrote: > >> Yet another batch of undisclosed intermediates has shown up in CT: >> >> - >>

Re: New undisclosed intermediates

On Wednesday, June 7, 2017 at 6:45:25 PM UTC-5, Jonathan Rudenberg wrote: > Yet another batch of undisclosed intermediates has shown up in CT: > > - > https://crt.sh/?sha256=f01c1aca392882af152e9f01ecccd0afddd8aa35bf895b003198b1e8c752ddb8 > - >

Re: New undisclosed intermediates

> On Jun 5, 2017, at 09:29, Alex Gaynor via dev-security-policy > wrote: > > Happy Monday! > > Another week, another set of intermediate certs that have shown up in CT > without having been properly disclosed: >

Re: Mozilla requirements of Symantec

Hi Gervase, there seems to be a slight inconsistency between the terminology in the plan posted at https://groups.google.com/a/chromium.org/d/msg/blink-dev/eUAKwjihhBs/ovLalSBRBQAJ And the official letter quoted below. I have added potential clarifications to fix this, please indicate, for

Re: Policy 2.5 Proposal: Add definition of "mis-issuance"

On 07/06/2017 17:41, Ryan Sleevi wrote: On Wed, Jun 7, 2017 at 11:25 AM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: Note that I also had a second, related, point: The possibility that such a new piece of infrastructure was, for other reasons, not

Mozilla requirements of Symantec

Hi Steve, I'm writing to you in your role as the Primary Point of Contact for Symantec with regard to the Mozilla Root Program. I am writing with a list of Mozilla-specific additions to the consensus remediation proposal for Symantec, as documented by Google. We note that you have raised a

Re: Policy 2.5 Proposal: Add definition of "mis-issuance"

On Wed, Jun 7, 2017 at 11:25 AM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > > Note that I also had a second, related, point: The possibility that such > a new piece of infrastructure was, for other reasons, not endorsed by > Mozilla, but of great interest

Re: Policy 2.5 Proposal: Add definition of "mis-issuance"

On 07/06/2017 16:43, Nick Lamb wrote: On Tuesday, 6 June 2017 21:08:54 UTC+1, Ryan Sleevi wrote: Standards defining organization. More usually a Standards _Development_ Organization. I wouldn't usually feel the need to offer this correction but in this context we care a good deal about the

Re: Policy 2.5 Proposal: Add definition of "mis-issuance"

On 07/06/2017 12:55, Rob Stradling wrote: On 06/06/17 22:26, Jakob Bohm wrote: On 06/06/2017 22:08, Ryan Sleevi wrote: Signing data is heavily reliant on CA competency, and that's in unfortunately short supply, as the economics of the CA market make it easy to fire all the engineers, while

Re: Policy 2.5 Proposal: Add definition of "mis-issuance"

On Tuesday, 6 June 2017 21:08:54 UTC+1, Ryan Sleevi wrote: > Standards defining organization. More usually a Standards _Development_ Organization. I wouldn't usually feel the need to offer this correction but in this context we care a good deal about the fact that SDOs are where the actual

Re: Policy 2.5 Proposal: Add definition of "mis-issuance"

On 06/06/17 22:26, Jakob Bohm wrote: On 06/06/2017 22:08, Ryan Sleevi wrote: Signing data is heavily reliant on CA competency, and that's in unfortunately short supply, as the economics of the CA market make it easy to fire all the engineers, while keeping the sales team, and outsourcing