Re: Auditor letters and incident reports

2019-08-21 Thread Ryan Sleevi via dev-security-policy
On Thu, Aug 22, 2019 at 12:46 AM Jeremy Rowley via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > Hey all, > > An interesting issue came up recently with audits. Because the Mozilla > policy includes some requirements that diverge from the BRs, the audit > criteria don't

RE: Auditor letters and incident reports

2019-08-21 Thread Jeremy Rowley via dev-security-policy
Full disclosure - this was not my idea, but I thought it was a really good one and worth bringing up here. -Original Message- From: dev-security-policy On Behalf Of Jeremy Rowley via dev-security-policy Sent: Wednesday, August 21, 2019 10:46 PM To: mozilla-dev-security-policy Subject:

Auditor letters and incident reports

2019-08-21 Thread Jeremy Rowley via dev-security-policy
Hey all, An interesting issue came up recently with audits. Because the Mozilla policy includes some requirements that diverge from the BRs, the audit criteria don't necessarily cover everything Mozilla cares about. Thus, it's possible to have an incident that doesn't show up on an audit. It's

For CAs: What makes a Good Incident Response?

2019-08-21 Thread Ryan Sleevi via dev-security-policy
I've recently shared some choice words with several CAs over their Incident Reporting process, highlighting to them how their approach is seriously undermining trust in their CA and the operations. While https://wiki.mozilla.org/CA/Responding_To_An_Incident provides Guidance on the minimum

For CAs: What Makes a Good Incident Response

2019-08-21 Thread Ryan Sleevi via dev-security-policy
(Apologies if this triple or quadruple posts. There appears to be some hiccups somewhere along the line between my mail server and the m.d.s.p. mail server) I've recently shared some choice words with several CAs over their Incident Reporting process, highlighting to them how their approach is

For CAs: What makes a Good Incident Response?

2019-08-21 Thread Ryan Sleevi via dev-security-policy
(Apologies if this double posts; (my || the) e-mail gateway seems to be having some trouble so I'm trying this through the Google Groups interface) I've recently shared some choice words with several CAs over their Incident Reporting process, highlighting to them how their approach is seriously

Re: Nation State MITM CA's ?

2019-08-21 Thread Wayne Thayer via dev-security-policy
(resending because the first attempt was not posted to the list) Mozilla has announced our response to the Kazakhstan MITM: https://blog.mozilla.org/blog/2019/08/21/mozilla-takes-action-to-protect-users-in-kazakhstan/ and

For CAs: What makes a Good Incident Response?

2019-08-21 Thread Ryan Sleevi via dev-security-policy
(Apologies if this triple or quadruple posts. There appears to be some hiccups somewhere along the line between my mail server and the m.d.s.p. mail server and the Google Groups reflector) I've recently shared some choice words with several CAs over their Incident Reporting process, highlighting

Re: Nation State MITM CA's ?

2019-08-21 Thread Wayne Thayer via dev-security-policy
Mozilla has announced our response to the Kazakhstan MITM: https://blog.mozilla.org/blog/2019/08/21/mozilla-takes-action-to-protect-users-in-kazakhstan/ and https://blog.mozilla.org/security/2019/08/21/protecting-our-users-in-kazakhstan/ Note: we're in the process of adding the "Qaznet" root

Re: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-21 Thread Tadahiko Ito via dev-security-policy
(From my personal point of view) I read Google’s paper[1]. For me, that paper’s result could be hypothesized like “some people do care about some information, which is written in EV but not in DV”. That is… (A) If you click EV indicator, you will able to get more information about identity

Re: CA handling of contact information when reporting problems

2019-08-21 Thread Adrian R via dev-security-policy
On Monday, 19 August 2019 17:26:06 UTC+3, Mathew Hodson wrote: [...] > If these situations were common, it could create a chilling effect on > problem reporting that would hurt the WebPKI ecosystem. Are specific > procedures and handling of contact information in these situations > covered by the