Re: Policy 2.6 Proposal: Require audits back to first issuance

2018-03-29 Thread Ryan Sleevi via dev-security-policy
On Thu, Mar 29, 2018 at 4:57 PM, Wayne Thayer wrote: > On Thu, Mar 29, 2018 at 8:57 AM, Ryan Sleevi wrote: > >> >> I'm not fully sure I understand the proposal here. >> >> I would think that, for all roots created since 2012, the expectation >> > is that

Re: Policy 2.6 Proposal: Permit issuance during change in ownership

2018-03-29 Thread Ryan Sleevi via dev-security-policy
On Thu, Mar 29, 2018 at 4:03 PM, Wayne Thayer wrote: > On Thu, Mar 29, 2018 at 8:53 AM, Ryan Sleevi wrote: > >> >> On Mon, Mar 26, 2018 at 3:46 PM, Wayne Thayer via dev-security-policy < >> dev-security-policy@lists.mozilla.org> wrote: >> >>> When the

Re: Policy 2.6 Proposal: Require audits back to first issuance

2018-03-29 Thread Wayne Thayer via dev-security-policy
On Thu, Mar 29, 2018 at 8:57 AM, Ryan Sleevi wrote: > > I'm not fully sure I understand the proposal here. > > I would think that, for all roots created since 2012, the expectation > is that there is an unbroken series of audits, going from a Point in Time > audit (of the

Re: Policy 2.6 Proposal: Permit issuance during change in ownership

2018-03-29 Thread Wayne Thayer via dev-security-policy
On Thu, Mar 29, 2018 at 8:53 AM, Ryan Sleevi wrote: > > On Mon, Mar 26, 2018 at 3:46 PM, Wayne Thayer via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > >> When the Francisco Partners acquisition of Comodo was announced, it was >> pointed out [1] that a

Re: Audits for new subCAs

2018-03-29 Thread Ryan Sleevi via dev-security-policy
On Thu, Mar 29, 2018 at 2:46 PM, Wayne Thayer via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Thanks everyone for your input on this topic. I'm hearing consensus that we > should not require a newly issued subordinate CA certificate to appear on > an audit statement

Re: Policy 2.6 Proposal: Update domain validation requirements

2018-03-29 Thread Ryan Sleevi via dev-security-policy
On Fri, Mar 23, 2018 at 6:22 PM, Wayne Thayer via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > I've drafted these changes: > https://github.com/mozilla/pkipolicy/commit/e5269ff0d6ced93a6c6af65947712b8e4b2e18b8 > > On Tue, Mar 20, 2018 at 9:57 AM, Tim Hollebeek

Re: Policy 2.6 Proposal: Require audits back to first issuance

2018-03-29 Thread Ryan Sleevi via dev-security-policy
On Mon, Mar 26, 2018 at 3:06 PM, Wayne Thayer via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Mozilla began requiring BR audits for roots in our program in 2013 [1], but > we have a vague policy statement in section 3.1 regarding audit > requirements prior to inclusion:

Re: Policy 2.6 Proposal: Permit issuance during change in ownership

2018-03-29 Thread Ryan Sleevi via dev-security-policy
On Mon, Mar 26, 2018 at 3:46 PM, Wayne Thayer via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > When the Francisco Partners acquisition of Comodo was announced, it was > pointed out [1] that a strict reading of the current policy section 8.1 > would have forced Comodo to