RE: Buypass Incident Report - intermediate certificates noncompliant with BR 7.1

2019-03-27 Thread Mads Egil Henriksveen via dev-security-policy
We do not intend to revoke the end-user certificates. We consider this to be a compliance issue for the CA certificates only. The CAs (i.e. the private keys) and end-user certificates issued from the CAs are not affected. Regards Mads -Original Message- From: dev-security-policy On

Re: New report: Intermediate CA Certificates with their own audit statements

2019-03-27 Thread Kathleen Wilson via dev-security-policy
Copy-paste correction: 2) Intermediate CA Certificates with their own audit statements (CSV) https://ccadb-public.secure.force.com/mozilla/IntermediateCertsSeparateAuditsCSV On 3/27/19 11:50 AM, Kathleen Wilson wrote: All, Just FYI that we have added the following two reports to

New report: Intermediate CA Certificates with their own audit statements

2019-03-27 Thread Kathleen Wilson via dev-security-policy
All, Just FYI that we have added the following two reports to wiki.mozilla.org/CA/Intermediate_Certificates 1) Intermediate CA Certificates with their own audit statements (HTML) https://ccadb-public.secure.force.com/mozilla/IntermediateCertsSeparateAudits 2) Intermediate CA Certificates

Re: Next Root Store Policy Update

2019-03-27 Thread Wayne Thayer via dev-security-policy
I've added a few more issues that were recently created to the list for 2.7: https://github.com/mozilla/pkipolicy/labels/2.7 176 - Clarify revocation requirements for S/MIME certs 175 - Forbidden Practices wiki page says email validation cannot be delegated to 3rd parties I plan to begin posting

Policy 2.7 Proposal: Clarify Point-in-Time Audit Language

2019-03-27 Thread Wayne Thayer via dev-security-policy
I'm [hopefully] beginning with a simple change that clarifies the language used for Point-in-Time (PiT) audits used in policy. Section 3.1.3 of our policy currently references a "point-in-time assessment", and section 8 uses the undefined abbreviation "PITRA", which stands for "point-in-time

Re: Kamu SM: Information about non-compliant serial numbers

2019-03-27 Thread Melis BALKAYA via dev-security-policy
On Tuesday, 26 March 2019 at 19:19:24 UTC+3, Wayne Thayer wrote: > Melis: Thank you for this incident report. I have filed > https://bugzilla.mozilla.org/show_bug.cgi?id=1539190 and assigned it to you > to track this issue. > > Will you please have one of your colleagues add you as a Kamu SM

Re: Policy 2.7 Proposal: Clarify Point-in-Time Audit Language

2019-03-27 Thread Ryan Sleevi via dev-security-policy
I'm not sure whether it's necessary to indicate support, but since silence can sometimes be ambiguously interpreted: I support these changes and believe they achieve the desired outcome.