Re: Pre-cert misissuance

On 19/09/15 19:12, Brian Smith wrote: On Sat, Sep 19, 2015 at 7:20 AM, Gervase Markham wrote: Symantec just fired people for mis-issuing a google.com 1-day pre-cert: By the way, Symantec didn't say "pre-cert," they said "certificates". Also, I we shouldn't be splitting

Policy Update Proposal -- Refer to BRs for Name Constraints Requirement

The next item on our list to discuss is: https://wiki.mozilla.org/CA:CertificatePolicyV2.3 (D2) CA/Browser Forum Baseline Requirements version 1.1.6 added a requirement regarding technically constraining subordinate CA certificates, so item #9 of the Inclusion Policy may refer to the BR for

Re: Policy Update Proposal -- Refer to BRs for Name Constraints Requirement

On Mon, Sep 21, 2015 at 4:02 PM, Kathleen Wilson wrote: > Section 7.1.5 of version 1.3 of the Baseline Requirements says: > The proposal is to simplify item #9 of the Inclusion Policy, > >

Re: Policy Update Proposal -- Refer to BRs for Name Constraints Requirement

On 9/21/15 5:01 PM, Brian Smith wrote: I think it is better to resolve whether email certificates and code signing certificates are in or out of scope for Mozilla's policy first. Good point. I will start the email trust bit discussion. We can figure that out first. Thanks, Kathleen

Re: Pre-cert misissuance

On 19/09/15 19:12, Brian Smith wrote: > On Sat, Sep 19, 2015 at 7:20 AM, Gervase Markham wrote: > >> Symantec just fired people for mis-issuing a google.com 1-day pre-cert: > > By the way, Symantec didn't say "pre-cert," they said "certificates". > > Also, I we shouldn't be