Re: Safely testing TLS in dev & test environments

2017-03-23 Thread Walter Goulet via dev-security-policy
On Thursday, March 23, 2017 at 8:13:38 PM UTC-5, Jakob Bohm wrote: > On 23/03/2017 22:59, Walter Goulet wrote: > > Hi all, > > > > This is not directly related to Mozilla policy, CA issues or really any of > > the normal discussions that I typically see in the group. However, I think > > that my

Re: Safely testing TLS in dev & test environments

2017-03-23 Thread Jakob Bohm via dev-security-policy
On 23/03/2017 22:59, Walter Goulet wrote: Hi all, This is not directly related to Mozilla policy, CA issues or really any of the normal discussions that I typically see in the group. However, I think that my question may be relevant in helping to understand what a 'policy' for an internal,

Re: Next CA Communication

2017-03-23 Thread Kathleen Wilson via dev-security-policy
On Tuesday, March 21, 2017 at 11:34:30 AM UTC-7, Gervase Markham wrote: > On 21/03/17 10:16, Gervase Markham wrote: > > On 17/03/17 11:30, Gervase Markham wrote: > >> The URL for the draft of the next CA Communication is here: > >>

Re: Next CA Communication

2017-03-23 Thread Kathleen Wilson via dev-security-policy
On Tuesday, March 21, 2017 at 7:17:26 AM UTC-7, Gervase Markham wrote: > On 17/03/17 11:30, Gervase Markham wrote: > > The URL for the draft of the next CA Communication is here: > >

Re: Next CA Communication

2017-03-23 Thread Kathleen Wilson via dev-security-policy
On Tuesday, March 21, 2017 at 5:51:29 AM UTC-7, Kurt Roeckx wrote: > On 2017-03-21 12:51, Jakob Bohm wrote: > > On 21/03/2017 10:09, Kurt Roeckx wrote: > >> Action 6 says: I've updated action #6, but it still might not be clear. Here's the new draft: ACTION 6: QUALIFIED AUDIT STATEMENTS When

Re: Notice of Intent to Deprecate and Remove: Trust in Symantec-issued Certificates

2017-03-23 Thread Peter Bowen via dev-security-policy
On Thu, Mar 23, 2017 at 12:54 PM, Jakob Bohm via dev-security-policy wrote: > > The above message (and one by Symantec) were posted to the > mozilla.dev.security.policy newsgroup prior to becoming aware of > Google's decision to move the discussion to its

Re: Notice of Intent to Deprecate and Remove: Trust in Symantec-issued Certificates

2017-03-23 Thread Ryan Sleevi via dev-security-policy
(Posting in an official capacity) Jakob, As the initial message said: "You can participate in this discussion at https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/eUAKwjihhBs " I've removed the cross-post, to ensure that threads do not fork due to members being subscribed to one

Re: Notice of Intent to Deprecate and Remove: Trust in Symantec-issued Certificates

2017-03-23 Thread Jakob Bohm via dev-security-policy
On 23/03/2017 20:27, Ryan Sleevi wrote: On Thu, Mar 23, 2017 at 1:38 PM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: On 23/03/2017 17:09, Ryan Sleevi wrote: (Posting in a Google Capacity) I just wanted to notify the members of this Forum that we have

Re: Notice of Intent to Deprecate and Remove: Trust in Symantec-issued Certificates

2017-03-23 Thread Ryan Sleevi via dev-security-policy
On Thu, Mar 23, 2017 at 1:38 PM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On 23/03/2017 17:09, Ryan Sleevi wrote: > >> (Posting in a Google Capacity) >> >> I just wanted to notify the members of this Forum that we have started an >> Intent to Deprecate

Re: Notice of Intent to Deprecate and Remove: Trust in Symantec-issued Certificates

2017-03-23 Thread Jakob Bohm via dev-security-policy
On 23/03/2017 17:09, Ryan Sleevi wrote: (Posting in a Google Capacity) I just wanted to notify the members of this Forum that we have started an Intent to Deprecate and Remove, consistent with our Blink process, related to certain certificates issued by Symantec Corporation. This is a

Re: Notice of Intent to Deprecate and Remove: Trust in Symantec-issued Certificates

2017-03-23 Thread Ryan Sleevi via dev-security-policy
On Thu, Mar 23, 2017 at 12:54 PM, tarah.symantec--- via dev-security-policy wrote: > What will be the process for critical infrastructure such as medical > devices and payment systems when they're affected by this? To avoid fragmentation of discussion,

Re: Notice of Intent to Deprecate and Remove: Trust in Symantec-issued Certificates

2017-03-23 Thread tarah.symantec--- via dev-security-policy
On Thursday, March 23, 2017 at 12:09:23 PM UTC-4, Ryan Sleevi wrote: > (Posting in a Google Capacity) > > I just wanted to notify the members of this Forum that we have started an > Intent to Deprecate and Remove, consistent with our Blink process, related to > certain certificates issued by

Notice of Intent to Deprecate and Remove: Trust in Symantec-issued Certificates

2017-03-23 Thread Ryan Sleevi via dev-security-policy
(Posting in a Google Capacity) I just wanted to notify the members of this Forum that we have started an Intent to Deprecate and Remove, consistent with our Blink process, related to certain certificates issued by Symantec Corporation. This is a proposed plan, not a final commitment, and we

Re: Google Trust Services roots

2017-03-23 Thread Ryan Sleevi via dev-security-policy
On Thu, Mar 23, 2017 at 8:37 AM, Peter Kurrasch via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > ‎I would be interested in knowing why Google felt it necessary to purchase > an existing root instead of, for example, pursuing a "new root" path along > the lines of what

Re: Google Trust Services roots

2017-03-23 Thread Peter Kurrasch via dev-security-policy
‎So this is the third of my 3 sets of criticisms regarding the acquisition of the GlobalSign roots by Google Trust Services. I apologize for the significant delay between the first 2 sets and this one. Hopefully people in the forum still feel this discussion relevant going forward even though