On Mon, Oct 21, 2019 at 7:58 PM Wayne Thayer wrote:
> The CA MUST verify all e-mail addresses using a process that is
>> substantially similar to the process used to verify domain names, as
>> described in the Baseline Requirements.
>>
>
> This seems problematic because it could be interpreted as
Here are the proposed changes:
* Reinstate Mozilla's revocation requirements for S/MIME certificates:
https://github.com/mozilla/pkipolicy/commit/e6337bb76a4522da15aeb7c0862b6cc05d317814
(replacing the original 2.7 proposal with the older Root Store policy
requirements)
* Require revocation when a
On Sat, Oct 5, 2019 at 6:32 AM Ryan Sleevi via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Thanks Jeremy, Dimitris,
>
> It does help clarify. I think we're all on the same page: namely, in all
> cases, the CA does the validation of (at minimum) the domain portion.
>
> I t
I've gone ahead and moved the effective date of this policy back to July 1,
2020:
https://github.com/mozilla/pkipolicy/commit/7a879fe371844d265c484a8f0ce40fd255967c13
On Wed, Oct 2, 2019 at 6:04 PM Jeremy Rowley
wrote:
> I'm surprised any CA has heartburn over the EKU changes. Microsoft has
> re
4 matches
Mail list logo