gt; >> I think this is section you are citing as prohibiting issuance correct?
> >> So as long as the CA can show that this is not true, then issuance is
> >> permitted under the current policy.
> >>
> >>
> >>
> >> -Original Message-
>
ot true, then issuance is
>> permitted under the current policy.
>>
>>
>>
>> -Original Message-
>> From: dev-security-policy
>> On Behalf Of Ryan Sleevi via dev-security-policy
>> Sent: Friday, July 12, 2019 3:01 PM
>> To: Doug Beattie
&g
> On Behalf Of Ryan Sleevi via dev-security-policy
> Sent: Friday, July 12, 2019 3:01 PM
> To: Doug Beattie
> Cc: mozilla-dev-security-policy <
> mozilla-dev-security-pol...@lists.mozilla.org>; Wayne Thayer <
> wtha...@mozilla.com>
> Subject: Re: Logotype extension
that this is not true, then issuance is permitted under
the current policy.
-Original Message-
From: dev-security-policy On
Behalf Of Ryan Sleevi via dev-security-policy
Sent: Friday, July 12, 2019 3:01 PM
To: Doug Beattie
Cc: mozilla-dev-security-policy
; Wayne Thayer
Subject: Re: Logotype
Alternatively:
There is zero reason these should be included in publicly trusted certs
used for TLS, and ample harm. It is not necessary nor essential to securing
TLS, and that should remain the utmost priority.
CAs that wish to issue such certificates can do so from alternate
hierarchies. There
Message-
From: dev-security-policy On
Behalf Of Phillip Hallam-Baker via dev-security-policy
Sent: Thursday, July 11, 2019 11:53 PM
To: Wayne Thayer
Cc: mozilla-dev-security-policy
; hous...@vigilsec.com
Subject: Re: Logotype extensions
On Thu, Jul 11, 2019 at 12:19 PM Wayne Thayer wrote
On Thu, Jul 11, 2019 at 12:19 PM Wayne Thayer wrote:
> On Wed, Jul 10, 2019 at 7:26 PM Phillip Hallam-Baker <
> ph...@hallambaker.com> wrote:
>
>> Because then the Mozilla ban will be used to prevent any work on
>> logotypes in CABForum and the lack of CABForum rules will be used as
>> pretext
On Wed, Jul 10, 2019 at 7:26 PM Phillip Hallam-Baker
wrote:
>
> On Wed, Jul 10, 2019 at 6:11 PM Wayne Thayer wrote:
>
>> On Wed, Jul 10, 2019 at 2:31 PM Phillip Hallam-Baker <
>> ph...@hallambaker.com> wrote:
>>
>>> On Wed, Jul 10, 2019 at 4:54 PM Wayne Thayer via dev-security-policy <
>>>
On Wed, Jul 10, 2019 at 6:11 PM Wayne Thayer wrote:
> On Wed, Jul 10, 2019 at 2:31 PM Phillip Hallam-Baker <
> ph...@hallambaker.com> wrote:
>
>> On Wed, Jul 10, 2019 at 4:54 PM Wayne Thayer via dev-security-policy <
>> dev-security-policy@lists.mozilla.org> wrote:
>>
>>> Russ,
>>>
>>> >
>>>
On Wed, Jul 10, 2019 at 2:31 PM Phillip Hallam-Baker
wrote:
> On Wed, Jul 10, 2019 at 4:54 PM Wayne Thayer via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> Russ,
>>
>> >
>> Perhaps one of us is confused because I think we're saying the same thing
>> -
>> that rules
On Wed, Jul 10, 2019 at 4:54 PM Wayne Thayer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Russ,
>
> >
> Perhaps one of us is confused because I think we're saying the same thing -
> that rules around inclusion of Logotype extensions in publicly-trusted
> certs should
Russ,
On Wed, Jul 10, 2019 at 11:41 AM housley--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Friday, July 5, 2019 at 7:53:45 PM UTC-4, Wayne Thayer wrote:
> > Based on this discussion, I propose adding the following statement to the
> > Mozilla Forbidden
On Wed, Jul 10, 2019 at 2:41 PM housley--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Friday, July 5, 2019 at 7:53:45 PM UTC-4, Wayne Thayer wrote:
> > Based on this discussion, I propose adding the following statement to the
> > Mozilla Forbidden Practices wiki
On Wed, Jul 10, 2019 at 2:41 PM housley--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> People find logos very helpful. That is why many browsers display a tiny
> logo in the toolbar.
>
Are you talking the favicon? An attacker controlled resource which should
not be
On Friday, July 5, 2019 at 7:53:45 PM UTC-4, Wayne Thayer wrote:
> Based on this discussion, I propose adding the following statement to the
> Mozilla Forbidden Practices wiki page [1]:
>
> ** Logotype Extension **
> Due to the risk of misleading Relying Parties and the lack of defined
>
; dev-security-policy@lists.mozilla.org>
> Sent: Friday, July 5, 2019 5:53:24 PM
> To: mozilla-dev-security-policy
> Subject: Re: Logotype extensions
>
> Based on this discussion, I propose adding the following statement to the
> Mozilla Forbidden Practices wiki page [1]:
>
>
To: mozilla-dev-security-policy
Subject: Re: Logotype extensions
Based on this discussion, I propose adding the following statement to the
Mozilla Forbidden Practices wiki page [1]:
** Logotype Extension **
Due to the risk of misleading Relying Parties and the lack of defined
validation standards
Based on this discussion, I propose adding the following statement to the
Mozilla Forbidden Practices wiki page [1]:
** Logotype Extension **
Due to the risk of misleading Relying Parties and the lack of defined
validation standards for information contained in this field, as discussed
here [2],
On 14/06/2019 18:54, Ryan Sleevi wrote:
> On Fri, Jun 14, 2019 at 4:12 PM Jakob Bohm via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> In such a case, there are two obvious solutions:
>>
>> A. Trademark owner (prompted by applicant) provides CA with an official
>>
On Friday, June 14, 2019 at 1:31:12 PM UTC-4, kirkhal...@gmail.com wrote:
> CAs already have rules allowing a Parent, Subsidiary, or Affiliate (all
> defined terms) to obtain certs for domains owned by each other - so
> Alphabet-Google, for example, can get certs for domains owned by each other.
CAs already have rules allowing a Parent, Subsidiary, or Affiliate (all defined
terms) to obtain certs for domains owned by each other - so Alphabet-Google,
for example, can get certs for domains owned by each other. So we would use
the same rules to make certain the registered trademark owner
On Fri, Jun 14, 2019 at 4:12 PM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> In such a case, there are two obvious solutions:
>
> A. Trademark owner (prompted by applicant) provides CA with an official
>permission letter stating that Applicant is
On 14/06/2019 04:16, Corey Bonnell wrote:
On Thursday, June 13, 2019 at 2:04:48 AM UTC-4, kirkhal...@gmail.com wrote:
On Tuesday, June 11, 2019 at 2:49:31 PM UTC+3, Jeremy Rowley wrote:
We wanted to experiment a bit with logotype extensions and trademarks, but
we heard from the CAB Forum that
On Thu, Jun 13, 2019 at 2:04 AM kirkhalloregon--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Jeremy is correct - including strongly verified registered trademarks via
> extensions in EV certs is permitted (i.e., not forbidden) by BR Section
> 7.1.2.4.
It's unclear
On Tuesday, June 11, 2019 at 2:49:31 PM UTC+3, Jeremy Rowley wrote:
> We wanted to experiment a bit with logotype extensions and trademarks, but
> we heard from the CAB Forum that whether inclusion is allowed is subject a
> bit to interpretation by the browsers.
>
>
>
> >From the BRs section
On Tuesday, June 11, 2019 at 2:49:31 PM UTC+3, Jeremy Rowley wrote:
> We wanted to experiment a bit with logotype extensions and trademarks, but
> we heard from the CAB Forum that whether inclusion is allowed is subject a
> bit to interpretation by the browsers.
>
>
>
> >From the BRs section
I agree with Corey.
On Wed, Jun 12, 2019 at 4:28 AM Jeremy Rowley via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> That argument applies to every extension not expressly permitted by the
> BRs.
Yup. It definitely puts the onus on the CA to demonstrate how they're not
-pol...@lists.mozilla.org
Subject: Re: Logotype extensions
On Tuesday, June 11, 2019 at 7:49:31 AM UTC-4, Jeremy Rowley wrote:
> We wanted to experiment a bit with logotype extensions and trademarks, but
> we heard from the CAB Forum that whether inclusion is allowed is subject a
On Tuesday, June 11, 2019 at 7:49:31 AM UTC-4, Jeremy Rowley wrote:
> We wanted to experiment a bit with logotype extensions and trademarks, but
> we heard from the CAB Forum that whether inclusion is allowed is subject a
> bit to interpretation by the browsers.
>
>
>
> >From the BRs section
29 matches
Mail list logo