On Monday, September 17, 2018 at 1:18:47 PM UTC-5, Wayne Thayer wrote:
> On Mon, Sep 17, 2018 at 9:43 AM Wayne Thayer wrote:
>
> > Even though the discussion period has ended, Mozilla will continue to
> > consider factual information that is submitted as comments here:
> >
Even though the discussion period has ended, Mozilla will continue to
consider factual information that is submitted as comments here:
https://bugzilla.mozilla.org/show_bug.cgi?id=1325532
Your concern about "without comment and then get approved" may stem from a
misunderstanding of Mozilla's
I am disappointed I didn't see this before the three week comment period,
because this is an incredible disaster. Mozilla is seriously considering
permitting a company with a completely unilateral ability to shut other Root
CAs down (via their market share over Chrome and Android, and that the
I guess under this logic, I withdraw my protest. As you say, Google
could simply start using these certificates, and Mozilla executives
would force you to accept them regardless of any policy violations in
order to keep people using Firefox. This whole process appears to
mostly just be a veneer of
On Mon, Sep 17, 2018 at 3:19 PM jtness--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> The risk of any given browser vendor also being a Root CA is small as most
> browser vendors do not have the requisite market share to make unilateral
> decisions. Google
I have created a bug and requested a response from Comodo:
https://bugzilla.mozilla.org/show_bug.cgi?id=1492006
As noted, there are no specific requirements regarding how CAs validate
revocation requests in the BRs. Every CA may do this however they choose,
so I don't believe there is any action
On Mon, Sep 17, 2018 at 9:43 AM Wayne Thayer wrote:
> Even though the discussion period has ended, Mozilla will continue to
> consider factual information that is submitted as comments here:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1325532
>
> Your concern about "without comment and then
Thanks everyone for your feedback. The September 2018 CA Communication has
just been sent to all primary points-of-contact for CAs in our program. CAs
have been asked to respond by 30-September. I will also be adding a post to
https://blog.mozilla.org/security/ announcing the survey,
- Wayne
On
Good to know, and thank you very much for following up on this!
Small update by the way: I finally received a reply from Comodo CA confirming
their 2nd wave of revocations a few hours ago, on September 17 at 16:55 UTC to
be exact. Strangely, it was in response to an email where I informed them
9 matches
Mail list logo