I have updated the "Acceptable remediation" section of
https://wiki.mozilla.org/CA/Audit_Letter_Validation#Intermediate_Certificates
as follows.
I will greatly appreciate your review and input on this.
~~
Acceptable remediation:
Remediation may include one of the following when a
non-technicall
On Fri, Feb 7, 2020 at 12:27 PM Dimitris Zacharopoulos via
dev-security-policy wrote:
> Finally, I don't think auditor professional ethics have anything to do
> with this discussion. Both audit schemes allow for reports to be updated
> otherwise we wouldn't even have this option on the table. Cha
For what it's worth, I think that there should be two distinct cases:
a) Self-signed Certificates that have the same SPKI and name, but only
one was ever requested to be included as a Trust Anchor in the Mozilla
Root Program,
b) Variations of Issuing CA Certificates that have the same SPKI an
On Fri, Feb 7, 2020 at 11:00 AM Wayne Thayer wrote:
> I'd like to see Mozilla require an incident report from CAs that can't or
> won't follow the existing guidance (by either supplying a revised audit
> statement, revoking the certificate, or adding it to OneCRL). A number of
> CAs have resolved
On Thu, Feb 6, 2020 at 5:44 PM Ryan Sleevi via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
My recommendation is that, for audit periods ending within the next 30 or
> so days (meaning, effectively, for reports provided over the next 4 months,
> given the three month windo
On Tue, Feb 4, 2020 at 6:59 PM Kathleen Wilson via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> All,
>
> https://wiki.mozilla.org/CA/Audit_Letter_Validation
> currently says:
> ""
> Acceptable remediation for an intermediate certificate missing BR audits
> may include one
All,
https://wiki.mozilla.org/CA/Audit_Letter_Validation
currently says:
""
Acceptable remediation for an intermediate certificate missing BR audits
may include one or more of the following:
- Have your auditor issue a revised report that includes the
intermediate certificate. Note that i
7 matches
Mail list logo