The recent auditor discussions on this list have highlighted the fact that
we haven't done a good job of tracking auditor concerns. Easily searchable
records of past CA issues in Bugzilla help us to identify patterns of CA
behavior, and we should have the same for auditors. with that in mind, I
hav
I've added a page to our wiki that describes how Firefox determines if a
particular website received the EV UI:
https://wiki.mozilla.org/CA/EV_Processing_for_CAs
I mentioned this at the last CA/Browser Forum meeting and I hope it is
useful to CAs - especially those who are dealing with cross-signi
Since there haven't been any further comments regarding my recommendation
to deny this request, I would like to ask for feedback on next steps that
Identrust can take in the event of a denial. I believe that Identrust would
still like to pursue EV recognition in Firefox, but I think it's unlikely
t
It was pointed out that the email I sent to CAs stated that the effective
date of the ballot (once it completed the IPR review period) will be
December 10, **2019**. The year is obviously wrong and contradicts the rest
of the message. The correct effective date is December 10, **2018**. All of
the
On Mon, Nov 12, 2018 at 6:18 PM Man Ho via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> When the ballot said "... would result in a valid domain label", does it
> mean that "... would result in a valid domain name of the applicant,
> that has passed the same level of domai
>
>
>
> On Tue, Nov 13, 2018 at 11:26 AM Jakob Bohm via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> Furthermore the start of the thread was off-list. Also neither I, nor
>> some other participants have access to the audit reports etc. in CCADB.
>>
>
> Sure you do. Th
Unfortunately, you seem to be be ignoring what I wrote and talking about
something else.
On 13/11/2018 14:31, Ryan Sleevi wrote:
> I suppose I had unreasonably hoped it would be self-evident, particularly
> for someone who claims to follow the issues, to understand how directly
> that issue was r
On Tue, Nov 13, 2018 at 9:46 AM things things
wrote:
> >> I hope you can see that this is actively damaging the community by
> promoting magniloquent indictments instead of discussing
> >> clear facts. It would be far more productive to provide a concrete and
> structured list of TUVITs failings,
I suppose I had unreasonably hoped it would be self-evident, particularly
for someone who claims to follow the issues, to understand how directly
that issue was related. Unfortunately, whether for intent or otherwise, it
appears not.
While I do not believe nor agree with your approach to framing t
On Tue, Nov 13, 2018 at 5:30 AM things things via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Ryan,
>
> I feel you are trying to derail the discussion and are muddying the waters.
>
> I hope you can see that this is actively damaging the community by
> promoting magniloqu
On 13/11/2018 04:08, Ryan Sleevi wrote:
> Jakob,
>
In the following, I have added a new subject category:
Subject U: [T-Systems local] Issues at T-Systems, rather than issues
in TUVIT's auditing of T-Systems.
I will use the following number:
U1: T-Systems misencoded the qc-statement extension
11 matches
Mail list logo