RE: [EXT] Symantec: Draft Proposal

2017-05-04 Thread Steve Medin via dev-security-policy
> -Original Message- > From: dev-security-policy [mailto:dev-security-policy- > bounces+steve_medin=symantec@lists.mozilla.org] On Behalf Of > Gervase Markham via dev-security-policy > Sent: Monday, May 01, 2017 10:16 AM > To: mozilla-dev-security-pol...@lists.mozilla.org > Subject:

Re: Changing CCADB domains

2017-05-04 Thread Peter Bowen via dev-security-policy
On Wed, May 3, 2017 at 10:52 AM, Kathleen Wilson via dev-security-policy wrote: > All, > > I think it is time for us to change the domains that we are using for the > CCADB as follows. > > Change the links for... > > 1) CAs to login to the CCADB > from >

Re: Removing "Wildcard DV Certs" from Potentially Problematic Practices list

2017-05-04 Thread Itzhak Daniel via dev-security-policy
On Thursday, April 20, 2017 at 4:03:36 PM UTC+3, Gervase Markham wrote: > Mozilla also doesn't believe that it's the job of CAs to police phishing CAs should police as long as the browser gives positive reinforcement to the end-users when they access a [phishing] site. There were suggestions in

Re: Symantec: Draft Proposal

2017-05-04 Thread Ryan Sleevi via dev-security-policy
Gerv, Regarding your understanding of the “First Chrome Proposal”, which seems to have influenced your “Alternative” suggestions, some quick clarifications: (Wearing a Chrome/Google hat here) The first Chrome proposal was operating on the concern that a complete and total removal of trust

Re: Symantec: Draft Proposal

2017-05-04 Thread Alex Gaynor via dev-security-policy
Hi all, This morning Symantec disclosed ~20 new intermediate certs. I went through these and identified 7 of them which are a) not revoked, b) not expired, c) lack a BR audit: https://crt.sh/?q=54EFD2977D89EDE24DDC3797CEB5A80668B3905788B58FB1AC6893EF4B78A24A

Re: Symantec: Draft Proposal

2017-05-04 Thread Jakob Bohm via dev-security-policy
On 01/05/2017 16:16, Gervase Markham wrote: Here is my analysis and proposal for what actions the Mozilla CA Certificates module owner should take in respect of Symantec. https://docs.google.com/document/d/1RhDcwbMeqgE2Cb5e6xaPq-lUPmatQZwx3Sn2NPz9jF8/edit# Please discuss the document here in

Re: Changing CCADB domains

2017-05-04 Thread Kathleen Wilson via dev-security-policy
On Wednesday, May 3, 2017 at 1:21:29 PM UTC-7, Nick Lamb wrote: > If you believe there are, or are likely to be, CAs trying to fill out the > survey a bit late, it may make sense to wait for that before triggering this > change, so as to avoid the (it seems almost inevitable) response that they

Updating Root Program wiki pages

2017-05-04 Thread Kathleen Wilson via dev-security-policy
All, Gerv is leading the effort to clean up Mozilla's Root Store related wiki pages. The contents of https://wiki.mozilla.org/CA:Overview have been moved to https://wiki.mozilla.org/CA and cleaned up. The previous contents of https://wiki.mozilla.org/CA have been moved to

Re: Policy 2.5 Proposal: Remove the bullet about "fraudulent use"

2017-05-04 Thread Jakob Bohm via dev-security-policy
On 03/05/2017 17:45, Peter Kurrasch wrote: Perhaps a different way to pose the questions here is whether Mozilla wants to place any expectations on the CAs regarding fraud and the prevention thereof. Expectations beyond what the BRs address, that is. Some examples: - Minimal expectation,

Re: Policy 2.5 Proposal: Indicate direction of travel with respect to permitted domain validation methods

2017-05-04 Thread Gervase Markham via dev-security-policy
On 03/05/17 21:31, Han Yuwei wrote: > A question: How would a domain holder express denial for certain certificate > requests? Please can you post new questions as new threads rather than as replies to existing threads on another topic? The answer to your question is that they can define which