RE: Misissued/Suspicious Symantec Certificates

2017-02-12 Thread Steve Medin via dev-security-policy
A response is now available in Bugzilla 1334377 and directly at: https://bugzilla.mozilla.org/attachment.cgi?id=8836487 > -Original Message- > From: Gervase Markham [mailto:g...@mozilla.org] > Sent: Thursday, February 09, 2017 4:56 AM > To: Steve Medin ;

Re: Misissued/Suspicious Symantec Certificates

2017-02-12 Thread Nick Lamb via dev-security-policy
On Sunday, 12 February 2017 15:28:26 UTC, Steve Medin wrote: > A response is now available in Bugzilla 1334377 and directly at: > https://bugzilla.mozilla.org/attachment.cgi?id=8836487 Thanks for these responses Steve, I believe that Symantec's decision to terminate the RA Partner programme was

Re: Misissued/Suspicious Symantec Certificates

2017-02-12 Thread Eric Mill via dev-security-policy
Also relevant are Symantec's statements about two E regional auditors. One section describes contradictions from E KR (Korea) in describing why some CrossCert issuing CAs were not in scope: • The list of CAs in the audit was produced by CrossCert and given to E KR as the scope to audit. It was

Re: Taiwan GRCA Root Renewal Request

2017-02-12 Thread Peter Gutmann via dev-security-policy
Gervase Markham via dev-security-policy writes: >Peter: you are going to have to re-summarise your question. And then, if you >are asking why Mozilla code works in a certain way, mozilla.dev.security or >mozilla.dev.tech.crypto are almost certainly far