Re: Proposal: Make readable CPSes easier to find

On Tue, Apr 21, 2020 at 01:23:49AM -0400, Ryan Sleevi wrote: > On Mon, Apr 20, 2020 at 10:04 PM Matt Palmer via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > 1. Make cPSuri mandatory > > We really don’t need to be stuffing everything into subscriber > certificates,

Re: Proposal: Make readable CPSes easier to find

On Mon, Apr 20, 2020 at 10:04 PM Matt Palmer via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > A major difficulty I found in trying to report compromised keys to CAs was > in finding a reporting address to use. Now, by itself, that could be > solved > by making CCADB

Proposal: Make readable CPSes easier to find

A major difficulty I found in trying to report compromised keys to CAs was in finding a reporting address to use. Now, by itself, that could be solved by making CCADB reporting addresses be authoritative, but that would also require standardisation of reporting types, and it's a whole rabbit

Re: COVID-19 Policy (especially EKU Deadline of 1-July-2020)

On Sun, Apr 19, 2020 at 2:41 PM Ben Wilson via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Dear MDSP community, > > As you are aware from past discussions on this list, there has been a > concern about the impact of COVID-19 on CA operations. COVID-19 continues > to

Re: COVID-19 Policy (especially EKU Deadline of 1-July-2020)

(Posting in a personal capacity) I think everyone so far has made valid points about why this is unexpected, and a dangerous precedent to set going forward. That said I'd like to reiterate that this feels like rewarding undesirable behavior. The CAs that will benefit from an exemption,

Re: COVID-19 Policy (especially EKU Deadline of 1-July-2020)

Like others, I am concerned with the lack of transparency around this proposal. Many of the options under consideration would be a departure from Mozilla's no exceptions policy, which could have serious consequences that undermine trust in Mozilla's root program. This ought to require compelling

Re: Request to Include Microsec e-Szigno Root CA 2017 and to EV-enable Microsec e-Szigno Root CA 2009

Dear Ben, I confirm that Microsec will correct all issues in the CP and CPS documents as promised during the public discussion. Thanks to everyone who took the time to read Microsec CP and CPS and to comment on them. If there are no more comments on the content of our CP and CPS documents in