> -Original Message-
> From: dev-security-policy [mailto:dev-security-policy-
> firstname.lastname@example.org] On Behalf Of
> Gervase Markham via dev-security-policy
> Sent: Monday, May 01, 2017 10:16 AM
> To: mozilla-dev-security-pol...@lists.mozilla.org
On Wed, May 3, 2017 at 10:52 AM, Kathleen Wilson via
> I think it is time for us to change the domains that we are using for the
> CCADB as follows.
> Change the links for...
> 1) CAs to login to the CCADB
On Thursday, April 20, 2017 at 4:03:36 PM UTC+3, Gervase Markham wrote:
> Mozilla also doesn't believe that it's the job of CAs to police phishing
CAs should police as long as the browser gives positive reinforcement to the
end-users when they access a [phishing] site.
There were suggestions in
Regarding your understanding of the “First Chrome Proposal”, which seems to
have influenced your “Alternative” suggestions, some quick clarifications:
(Wearing a Chrome/Google hat here)
The first Chrome proposal was operating on the concern that a complete and
total removal of trust
This morning Symantec disclosed ~20 new intermediate certs. I went through
these and identified 7 of them which are a) not revoked, b) not expired, c)
lack a BR audit:
On 01/05/2017 16:16, Gervase Markham wrote:
Here is my analysis and proposal for what actions the Mozilla CA
Certificates module owner should take in respect of Symantec.
Please discuss the document here in
On Wednesday, May 3, 2017 at 1:21:29 PM UTC-7, Nick Lamb wrote:
> If you believe there are, or are likely to be, CAs trying to fill out the
> survey a bit late, it may make sense to wait for that before triggering this
> change, so as to avoid the (it seems almost inevitable) response that they
Gerv is leading the effort to clean up Mozilla's Root Store related wiki pages.
The contents of https://wiki.mozilla.org/CA:Overview have been moved to
https://wiki.mozilla.org/CA and cleaned up.
The previous contents of https://wiki.mozilla.org/CA have been moved to
On 03/05/2017 17:45, Peter Kurrasch wrote:
Perhaps a different way to pose the questions here is whether Mozilla
wants to place any expectations on the CA's regarding fraud and the
prevention thereof. Expectations beyond what the BR's address, that is.
- Minimal expectation,
On 03/05/17 21:31, Han Yuwei wrote:
> A question:How would a domain holder express denial for certain certificate
Please can you post new questions as new threads rather than as replies
to existing threads on another topic?
The answer to your question is that they can define which
Mail list logo