Re: Let's Encrypt Root

2015-10-28 Thread Gervase Markham
On 26/10/15 23:46, Richard Barnes wrote: > https://bugzilla.mozilla.org/show_bug.cgi?id=1204656 I'm surprised it's taken LE as long as a month to review whether the info-gathering document has been correctly transcribed... Gerv ___ dev-security-policy

RE: Question: BR requirement about structuring CPS according to RFC 3647

2015-10-28 Thread Ben Wilson
The CA/Browser Forum should create a public log of instances where a CA has notified the CA/Browser Forum of conflicts between the Guidelines and local law. -Original Message- From: dev-security-policy [mailto:dev-security-policy-bounces+ben=digicert@lists.mozilla.org] On Behalf Of

Re: Policy Update Proposal -- Refer to BRs for Name Constraints Requirement

2015-10-28 Thread Kathleen Wilson
On 9/21/15 4:02 PM, Kathleen Wilson wrote: The next item on our list to discuss is: https://wiki.mozilla.org/CA:CertificatePolicyV2.3 (D2) CA/Browser Forum Baseline Requirements version 1.1.6 added a requirement regarding technically constraining subordinate CA certificates, so item #9 of the

Re: Question: BR requirement about structuring CPS according to RFC 3647

2015-10-28 Thread Ryan Sleevi
On Wed, October 28, 2015 1:55 am, mycho...@gmail.com wrote: > > Dear Sleevi > > First of all, I appreciate your detailed opinios and suggestions > > In terms of option B (application to only be for that of your SSL/website > CA rather than your root CA) > All CAs in CA hierarchy (including

Re: Symantec Test Cert Misissuance Incident

2015-10-28 Thread Kathleen Wilson
On 10/28/15 2:14 PM, Kathleen Wilson wrote: Google has blogged about this: https://googleonlinesecurity.blogspot.com/2015/10/sustaining-digital-certificate-security.html All, We should discuss what actions Mozilla should require of Symantec, and what would be the penalty of not completing

Re: Policy Update Proposal -- Specify audit criteria according to trust bit

2015-10-28 Thread Kathleen Wilson
On 10/19/15 4:34 PM, Kathleen Wilson wrote: Therefore, I also propose that we don't separate out the audit criteria according to trust bit in version 2.3 of the policy. Rather, the separation will be part of another effort to create a separate S/MIME policy in 2016. This means that the

Re: Symantec Test Cert Misissuance Incident

2015-10-28 Thread Kathleen Wilson
Google has blogged about this: https://googleonlinesecurity.blogspot.com/2015/10/sustaining-digital-certificate-security.html ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org

Re: FNMT Root Inclusion Request

2015-10-28 Thread Erwann Abalea
Bonsoir, Le mercredi 28 octobre 2015 14:53:39 UTC+1, raf...@gmail.com a écrit : > > However, https://crt.sh/?id=8983568 shows a TLS server certificate valid > > for 4 years and delivered in 2015. > As already it has been commented, this subCA was developed for a private and > restricted