On Tue, Apr 21, 2020 at 01:23:49AM -0400, Ryan Sleevi wrote:
> On Mon, Apr 20, 2020 at 10:04 PM Matt Palmer via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
> > 1. Make cPSuri mandatory
>
> We really don’t need to be stuffing everything into subscriber
> certificates, espe
On Mon, Apr 20, 2020 at 10:04 PM Matt Palmer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> A major difficulty I found in trying to report compromised keys to CAs was
> in finding a reporting address to use. Now, by itself, that could be
> solved
> by making CCADB repor
A major difficulty I found in trying to report compromised keys to CAs was
in finding a reporting address to use. Now, by itself, that could be solved
by making CCADB reporting addresses be authoritative, but that would also
require standardisation of reporting types, and it's a whole rabbit hole.
On Sun, Apr 19, 2020 at 2:41 PM Ben Wilson via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Dear MDSP community,
>
> As you are aware from past discussions on this list, there has been a
> concern about the impact of COVID-19 on CA operations. COVID-19 continues
> to impa
(Posting in a personal capacity)
I think everyone so far has made valid points about why this is unexpected, and
a dangerous precedent to set going forward. That said I'd like to reiterate
that this feels like rewarding undesirable behavior. The CAs that will benefit
from an exemption, especial
Like others, I am concerned with the lack of transparency around this
proposal. Many of the options under consideration would be a departure
from Mozilla's no exceptions policy, which could have serious
consequences that undermine trust in Mozilla's root program. This
ought to require compelling j
Dear Ben,
I confirm that Microsec will correct all issues in the CP and CPS documents as
promised during the public discussion.
Thanks to everyone who took the time to read Microsec CP and CPS and to comment
on them.
If there are no more comments on the content of our CP and CPS documents in
7 matches
Mail list logo