Kurt Roeckx writes:
>This is why browsers have something like OneCRL, so that they actually do
>know about it and why Rob added that information to the bug tracker (
>https://bugzilla.mozilla.org/show_bug.cgi?id=906611#c2).
That still doesn't necessarily answer the question,
On Thu, Oct 6, 2016 at 7:33 AM, Peter Bowen wrote:
> On Thu, Oct 6, 2016 at 7:29 AM, Rob Stradling
> wrote:
>> On 04/10/16 19:39, Peter Bowen wrote:
>>> On Tue, Oct 4, 2016 at 6:29 AM, Rob Stradling
>>> wrote:
On
On Thu, Oct 6, 2016 at 3:57 PM, Richard Barnes wrote:
> I seem to recall we had some discussion a while back about what criteria
> should be applied to email CAs. Where did we end up on that?
I don't believe anything was settled. There is one small item in the CA policy:
On Thu, Oct 6, 2016 at 12:09 PM, Kathleen Wilson
wrote:
> This request from Symantec is to include the following 4 root certificates
> and enable the Email trust bit for them.
>
To be clear: The request is for *only* the email trust bit to be set?
I seem to recall we had
Thanks Kathleen.
I have no substantive objections to this inclusion (with only the Email trust
bit to be set) at this time but I do have a minor editorial nitpick which might
as well go back to Symantec while we're here.
On page 1 of the Introduction of the CP document, a footnote refers to
On Tuesday, October 4, 2016 at 9:25:16 AM UTC-7, Gervase Markham wrote:
> On 29/09/16 16:40, Gervase Markham wrote:
> > Following the publication of the recent investigative report,
> > representatives of Qihoo 360 and StartCom have requested a face-to-face
> > meeting with Mozilla. We have
On 04/10/16 19:39, Peter Bowen wrote:
> On Tue, Oct 4, 2016 at 6:29 AM, Rob Stradling
> wrote:
>> On 04/10/16 13:18, Nick Lamb wrote:
>>> On Tuesday, 4 October 2016 11:14:01 UTC+1, Rob Stradling wrote:
Neither. I'd like to run cablint over all certs pre-issuance,
On 06/10/2016 15:58, Gervase Markham wrote:
On 06/10/16 12:38, Jakob Bohm wrote:
Which is why I have repeatedly suggested that maybe the rules should be
changed to promote/demote some of the historic SHA-1 root certs into
"SHA-1 forever" roots that can service older devices and browsers, even
On 06/10/16 12:38, Jakob Bohm wrote:
> Which is why I have repeatedly suggested that maybe the rules should be
> changed to promote/demote some of the historic SHA-1 root certs into
> "SHA-1 forever" roots that can service older devices and browsers, even
> for regular websites concerned about
On 06/10/2016 07:46, Peter Bowen wrote:
On Wed, Oct 5, 2016 at 10:02 PM, Michael Ströder wrote:
Dean Coclin wrote:
First Data's customers don't use browsers so Firefox can disable SHA-1 tomorrow
and not affect them.
So why to have your CA certificate trusted in
On Thu, Oct 06, 2016 at 08:22:20AM +0200, Hanno Böck wrote:
> On Wed, 5 Oct 2016 22:46:24 -0700
> Peter Bowen wrote:
>
> > I think we can all look back with 20/20 hindsight and say that device
> > vendors should not use the same roots as browsers and that maybe CAs
> > should
On Wed, 5 Oct 2016 22:46:24 -0700
Peter Bowen wrote:
> I think we can all look back with 20/20 hindsight and say that device
> vendors should not use the same roots as browsers and that maybe CAs
> should have created "SHA-1 forever" roots for devices that never plan
> to
12 matches
Mail list logo