Re: 825 days success and future progress!

2018-04-05 Thread Jakob Bohm via dev-security-policy
On 04/04/2018 04:16, Matt Palmer wrote: On Tue, Apr 03, 2018 at 03:16:53AM +0200, Jakob Bohm via dev-security-policy wrote: On 03/04/2018 02:35, Kurt Roeckx wrote: On Tue, Apr 03, 2018 at 02:11:07AM +0200, Jakob Bohm via dev-security-policy wrote: seems to be mostly justified as a poor

Re: 825 days success and future progress!

2018-04-03 Thread Matt Palmer via dev-security-policy
On Tue, Apr 03, 2018 at 03:16:53AM +0200, Jakob Bohm via dev-security-policy wrote: > On 03/04/2018 02:35, Kurt Roeckx wrote: > > On Tue, Apr 03, 2018 at 02:11:07AM +0200, Jakob Bohm via > > dev-security-policy wrote: > > > seems > > > to be mostly justified as a poor workaround for the browsers

Re: 825 days success and future progress!

2018-04-02 Thread Jakob Bohm via dev-security-policy
On 03/04/2018 02:35, Kurt Roeckx wrote: On Tue, Apr 03, 2018 at 02:11:07AM +0200, Jakob Bohm via dev-security-policy wrote: seems to be mostly justified as a poor workaround for the browsers and certificate libraries not properly implementing reliable revocation checks. The problem is not in

Re: 825 days success and future progress!

2018-04-02 Thread Kurt Roeckx via dev-security-policy
On Tue, Apr 03, 2018 at 02:11:07AM +0200, Jakob Bohm via dev-security-policy wrote: > seems > to be mostly justified as a poor workaround for the browsers and > certificate libraries not properly implementing reliable revocation > checks. The problem is not in the libraries, or even the

Re: 825 days success and future progress!

2018-04-02 Thread Jakob Bohm via dev-security-policy
: Alex Gaynor; Tim Hollebeek; MozPol Subject: Re: 825 days success and future progress! In past discussions, the proposal was 1 year to 2 years, and 1 year to 1 year after that. We're now at the midway point, so it seems appropriate to discuss how to get shorter. On Mon, Apr 2, 2018 at 3

RE: 825 days success and future progress!

2018-04-02 Thread Buschart, Rufus via dev-security-policy
orlife] From: Ryan Sleevi [mailto:r...@sleevi.com] Sent: Montag, 2. April 2018 21:16 To: Buschart, Rufus (GS IT HR 7 4) Cc: Alex Gaynor; Tim Hollebeek; MozPol Subject: Re: 825 days success and future progress! In past discussions, the proposal was 1 year to 2 years, and 1 year to 1 year after that.

Re: 825 days success and future progress!

2018-04-02 Thread Ryan Sleevi via dev-security-policy
alf Of Alex > Gaynor via dev-security-policy > Sent: Montag, 2. April 2018 20:51 > To: Tim Hollebeek > Cc: MozPol > Subject: Re: 825 days success and future progress! > > Hi Tim, > > I'd have suggested an even shorter period, say 13 months, except I > anticipated

Re: 825 days success and future progress!

2018-04-02 Thread Ryan Sleevi via dev-security-policy
b...@digicert.com> > *Cc:* Alex Gaynor <agay...@mozilla.com>; MozPol < > mozilla-dev-security-pol...@lists.mozilla.org> > *Subject:* Re: 825 days success and future progress! > > > > > > > > On Mon, Apr 2, 2018 at 2:28 PM, Tim Hollebeek via dev-security-polic

RE: 825 days success and future progress!

2018-04-02 Thread Buschart, Rufus via dev-security-policy
Of > > bounces+Alex > > Gaynor via dev-security-policy > > Sent: Monday, April 2, 2018 1:07 PM > > To: MozPol <mozilla-dev-security-pol...@lists.mozilla.org> > > Subject: 825 days success and future progress! > > > > Afternoon all! > > > >

RE: 825 days success and future progress!

2018-04-02 Thread Tim Hollebeek via dev-security-policy
gt; Cc: Alex Gaynor <agay...@mozilla.com>; MozPol <mozilla-dev-security-pol...@lists.mozilla.org> Subject: Re: 825 days success and future progress! On Mon, Apr 2, 2018 at 2:28 PM, Tim Hollebeek via dev-security-policy <dev-security-policy@lists.mozilla.org <ma

Re: 825 days success and future progress!

2018-04-02 Thread Ryan Sleevi via dev-security-policy
On Mon, Apr 2, 2018 at 2:28 PM, Tim Hollebeek via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > 18 months is not significantly different from 825 days. So there's really > no benefit. > So it sounds like you're supportive of 13 months, then, so that we arrive at an

RE: 825 days success and future progress!

2018-04-02 Thread Tim Hollebeek via dev-security-policy
To: Tim Hollebeek <tim.holleb...@digicert.com> Cc: MozPol <mozilla-dev-security-pol...@lists.mozilla.org> Subject: Re: 825 days success and future progress! Hi Tim, I'd have suggested an even shorter period, say 13 months, except I anticipated CAs would object that it was too great

Re: 825 days success and future progress!

2018-04-02 Thread Alex Gaynor via dev-security-policy
> Sent: Monday, April 2, 2018 1:07 PM > > To: MozPol <mozilla-dev-security-pol...@lists.mozilla.org> > > Subject: 825 days success and future progress! > > > > Afternoon all! > > > > A month ago a new BR rule went into effect, putting a maximum validity > period

RE: 825 days success and future progress!

2018-04-02 Thread Tim Hollebeek via dev-security-policy
illa-dev-security-pol...@lists.mozilla.org> > Subject: 825 days success and future progress! > > Afternoon all! > > A month ago a new BR rule went into effect, putting a maximum validity period > of 825 days on newly issued certificates. > > Truthfully, I was expecting tons of CA

825 days success and future progress!

2018-04-02 Thread Alex Gaynor via dev-security-policy
Afternoon all! A month ago a new BR rule went into effect, putting a maximum validity period of 825 days on newly issued certificates. Truthfully, I was expecting tons of CAs to screw up, forget to implement it, or have no technical controls, and there to be tons of miss-issuance. To me delight,