On Friday, March 9, 2018 at 10:30:18 PM UTC+1, Ryan Sleevi wrote:
> On Tue, Feb 27, 2018 at 4:17 PM, Wayne Thayer via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> > This request has been in public discussion for more than 6 months, so I
> > would like to make a decisio
In addition to the issues Ryan has listed, during the root inclusion
process multiple issues with their OCSP responder and CRL endpoints were
observed and fixed only after the flaws were documented in the bug (
https://bugzilla.mozilla.org/show_bug.cgi?id=1233645).
I believe any CA seeking inclusi
On Tue, Feb 27, 2018 at 4:17 PM, Wayne Thayer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> This request has been in public discussion for more than 6 months, so I
> would like to make a decision soon. If you have comments or concerns with
> this request, please post th
On Tue, Mar 6, 2018 at 4:45 AM, ramirommunoz--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> 1 * The inclusion request references a much older CPS [3] that doesn't
> list the 2016 versions of these roots or comply with current policies. I
> only reviewed the newer CP
On Tuesday, March 6, 2018 at 3:45:47 AM UTC-8, ramiro...@gmail.com wrote:
> Hi Wyne
> here our answers to the ==Bad== issues we are working on the ==Meh== ones.
>
> 1 * The inclusion request references a much older CPS [3] that doesn't list
> the 2016 versions of these roots or comply with curren
The ccadb.org site is now https.
Please let me know if you run into any problems with the ccadb.org site.
Thanks for your patience.
Kathleen
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/
Every year the ca root will gave the official annual audit to mozilla who prove
the respect of norms. this audits made from a recognized auditors
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinf
Every year the ca root will gave the official annual audit to mozilla who prove
the respect of norms. this audits made from a recognized auditors
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinf
the risk still exists. for example a root ca included in mozilla and generates
nonconforming certificates. what to do???
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
Is a good idea to limited the ca root at first at code country or the TLD of
this country like .tr for turkey or .fr for France
In second step this ca root put the new request for they other domain or code
and this request take a profond and enforced check like 2 years of period.
10 matches
Mail list logo