Mozilla CA Policy 2.4 RC1, and timing

Hi everyone, We've now worked our way through all 21 issues which were scheduled for Mozilla CA Policy 2.4. You can see the current text here: https://github.com/mozilla/pkipolicy/blob/master/rootstore/policy.md https://github.com/mozilla/pkipolicy/blob/master/ccadb/policy.md

Re: Policy 2.4 Proposal: Update algorithms and key sizes list

On 07/02/17 17:45, Gervase Markham wrote: > We want to update the permitted algorithms and key sizes list. Resolution: resolved as specced (using English descriptions rather than AlgorithmIdentifiers). Gerv ___ dev-security-policy mailing list

Re: Policy 2.4 Proposal: Implement "proper" SHA-1 ban

On 07/02/17 17:25, Gervase Markham wrote: > Therefore, we would like to update Mozilla's CA policy to implement a > "proper" SHA-1 ban. Resolution: resolved pretty much as drafted. Gerv ___ dev-security-policy mailing list

Re: SHA-1 serverAuth cert issued by Trustis in November 2016

On 16/02/17 18:26, blake.mor...@trustis.com wrote: > Trustis has now revoked the SHA-1 Certificate for hmrcset.trustis.com > and replaced it with a SHA-256 Certificate. This status is reflected > in the latest CRL. Hi Blake, We are pleased to hear that, but the detail of your report compares

Re: SHA-1 serverAuth cert issued by HydrantID (QuoVadis) in January 2017

Hi Stephen, On 16/02/17 18:37, Stephen Davidson wrote: > Incident Report Thank you for your prompt and detailed incident report. It seems to me that this highlights the particular extra care that needs to be taken by all CAs regarding manual issuances which do not use the normal software into

Re: GoDaddy Misissuance Action Items

On 13/02/17 23:53, Wayne Thayer wrote: > Gerv - this makes sense and it is GoDaddy's intent to perform these steps > within 3 months. No significant objections have been put forward about this action plan, and so I have filed a Bugzilla bug to track GoDaddy's implementation: