Re: Audit Letter Validation (ALV) on intermediate certs in CCADB

On Mon, 25 Nov 2019 14:12:46 -0800 Kathleen Wilson via dev-security-policy wrote: > CAs should have been keeping track of and resolving their own known > problems in regards to not fully following the BRs and Mozilla > policy. For example, I expect that a situation in which I responded > with

Re: [EXTERNAL] Re: INC8119596 Other | Entrust Certs and DHS

Yeah, there's something amiss with how you're analyzing the issue here - whether an entrust.com or entrust.net domain is in use shouldn't matter. More generally, Mozilla is unlikely to add any root certificates whose expected uses don't contain a significant public-facing component. The root

Re: Proposal: Add section 5.1 to the Common CCADB Policy

On Tuesday, 26 November 2019 16:53:21 UTC, Kathleen Wilson wrote: > The proposed section to add to the CCADB Policy (www.ccadb.org/policy) > has been updated and is here: > > https://github.com/mozilla/www.ccadb.org/issues/33#issuecomment-558714086 Typo in "Format Specifications for SHA-256

Re: Proposal: Add section 5.1 to the Common CCADB Policy

All, The proposed section to add to the CCADB Policy (www.ccadb.org/policy) has been updated and is here: https://github.com/mozilla/www.ccadb.org/issues/33#issuecomment-558714086 This is the last call for feedback on it. Thanks, Kathleen ___

RE: [EXTERNAL] Re: INC8119596 Other | Entrust Certs and DHS

Peter, DHS is only using Mozilla’s trust store for determining trust. They are not using a government-based trust store. We talked to Entrust last week. Entrust was creating certificates with “entrust.net” as the old way. Recently, Entrust has been generating certificates with