Re: COVID-19 Policy (especially EKU Deadline of 1-July-2020)

2020-04-19 Thread Filippo Valsorda via dev-security-policy
I am also personally surprised and confused by this announcement. I could imagine of course incident reports being handled with more leniency when the details reveal that the health emergency contributed to the issue. I thought that was the point of the no exceptions policy, to push the CAs to

Re: COVID-19 Policy (especially EKU Deadline of 1-July-2020)

2020-04-19 Thread Jonathan Rudenberg via dev-security-policy
On Sun, Apr 19, 2020, at 17:41, Ben Wilson via dev-security-policy wrote: > Recently at least one CA has expressed concern about Action 3 of Mozilla's > January 2020 CA Communication [3] and enforcement of Section 5.2 of > Mozilla’s Root Store Policy Please have the CA post complete details of

Re: COVID-19 Policy (especially EKU Deadline of 1-July-2020)

2020-04-19 Thread Ryan Sleevi via dev-security-policy
On Sun, Apr 19, 2020 at 5:41 PM Ben Wilson via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Recently at least one CA has expressed concern about Action 3 of Mozilla's > January 2020 CA Communication [3] What CA? Transparency seems essential here, for the community, for

COVID-19 Policy (especially EKU Deadline of 1-July-2020)

2020-04-19 Thread Ben Wilson via dev-security-policy
Dear MDSP community, As you are aware from past discussions on this list, there has been a concern about the impact of COVID-19 on CA operations. COVID-19 continues to impact certain areas of the world more severely than others. For example, there has been a recent resurgence of COVID-19 in

Re: GTS - OCSP serving issue 2020-04-09

2020-04-19 Thread Ryan Sleevi via dev-security-policy
On Sun, Apr 19, 2020 at 6:13 AM Nick Lamb wrote: > It's possible that I'm confused somehow, but for me §9.16.3 of the BRs > does not have numbered item 5, and neither this nor §9.6.1 define > "contractual jeopardy" nor do they clear up why a subscriber would want > to shut down their service and

Re: GTS - OCSP serving issue 2020-04-09

2020-04-19 Thread Neil Dunbar via dev-security-policy
On 19/04/2020 11:13, Nick Lamb via dev-security-policy wrote: On Sat, 18 Apr 2020 22:57:03 -0400 Ryan Sleevi via dev-security-policy wrote: The Baseline Requirements address this. See 9.16.3 (particularly item 5) and 9.6.1 (6). For better or worse, the situation is as Neil described and

Re: GTS - OCSP serving issue 2020-04-09

2020-04-19 Thread Nick Lamb via dev-security-policy
On Sat, 18 Apr 2020 22:57:03 -0400 Ryan Sleevi via dev-security-policy wrote: > On Sat, Apr 18, 2020 at 6:39 PM Nick Lamb via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > What does "contractual jeopardy" mean here? > > The Baseline Requirements address this.