Re: Certigna Root Renewal Request

2017-07-22 Thread josselin.allemandou--- via dev-security-policy
The ticket has been open for 3 months. This seems to be correct for everyone. Is it possible to close it now? ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy

Re: Certigna Root Renewal Request

2017-12-01 Thread josselin.allemandou--- via dev-security-policy
Thank you very much for this analysis and the time spent on our request. You will find below additional information following your comments --- > “CP and terms and conditions are publicly available in a read‐only manner. > The

Re: Certigna Root Renewal Request

2017-12-11 Thread josselin.allemandou--- via dev-security-policy
Just to let you know that CPSs for certificates that are not used for website authentication will be available by January 15, 2018. CPS for SSL / TLS certificates are already available in French and English versions. Best regards

Re: Certigna Root Renewal Request

2018-01-29 Thread josselin.allemandou--- via dev-security-policy
On Thursday, 27 April 2017 at 15:22:27 UTC+2, Aaron Wu wrote: > This request from the Dhimyotis/Certigna is to include the SHA-256 ‘Certigna > Root CA’ certificate and turn on the Websites and Email trust bits. This root > certificate will eventually replace the SHA-1 ‘Certigna’ root certificate >

Re: Certigna Root Renewal Request

2018-02-19 Thread josselin.allemandou--- via dev-security-policy
We hope to have provided all the expected answers and documentation. Could you please tell us if the processing of our integration request will progress. Thank you for your reply. Best regards.

Re: Certigna Root Renewal Request

2018-08-22 Thread josselin.allemandou--- via dev-security-policy
Thank you very much Devon for this analysis and the time spent on our request. You will find below additional information. Sorry for the delay, I was on vacation. The publication of the updated CP / CPS will be immediate, as soon as you confirm that the level of detail is sufficient for you.

Re: Certigna Root Renewal Request

2018-08-22 Thread josselin.allemandou--- via dev-security-policy
Just in addition, because the point was raised to us, we also take into account the problem related to DNSSEC with the case where the zone is validly DNSSEC-signed and our CAA query times out. As mentioned above, the publication of the updated CP / CPS will be immediate, as soon as you confirm

Re: Certigna Root Renewal Request

2018-08-22 Thread josselin.allemandou--- via dev-security-policy
We confirm that no, this is not the case. This is what we said in the CP / CPS because we thought that these constraints could be regularly encountered and that it could be bad for the business, but as I said in our answer, the controls to report the blocking cases were positioned since the

Re: Certigna Root Renewal Request

2018-08-22 Thread josselin.allemandou--- via dev-security-policy
And just to clarify, when we specified this in the CP / CPS, we thought that the document signed by a legal representative at the time of the certificate request could be sufficient in terms of consent, and that despite our requests, the applicant have not wished to update their CAA

Re: Certigna Root Renewal Request

2018-09-11 Thread josselin.allemandou--- via dev-security-policy
Hello, Thanks Wayne and Devon for your reply. We took the time to respond because we wanted to verify through an audit that the SSL certificate requests processed since September 8th were in compliance with the CA/B Forum requirements for DNS CAA record checks. In general, this has been the

Incident Report - Misissuance of one certificate without DNS CAA authorization (Certigna)

2018-09-11 Thread josselin.allemandou--- via dev-security-policy
The audit of our previous CAA check practices ensured that the CA/B Forum requirements were met except for a single certificate for which the CA was not authorized to issue according to the DNS CAA record. This failure is related to our old practices that led to a control of the DNS CAA

Re: Incident Report - Misissuance of one certificate without DNS CAA authorization (Certigna)

2018-09-11 Thread josselin.allemandou--- via dev-security-policy
Hello, Thank you for your contribution. We hope that the returns below will allow you to better understand our past practices that led to the creation of this ticket. It is important to remember that our CA is also subject to compliance with national standards (e.g. RGS) which are more

Re: Certigna Root Renewal Request

2018-04-12 Thread josselin.allemandou--- via dev-security-policy
We hope to have provided all the expected answers and documentation. Could you please tell us if the processing of our integration request will progress. Thank you for your reply. Best regards.

Re: Incident Report - Misissuance of one certificate without DNS CAA authorization (Certigna)

2018-10-15 Thread josselin.allemandou--- via dev-security-policy
Hello, The decision was taken at one of our security committees where all changes and developments that could impact the practices and compliance of our authority are validated. This is why all the actors of these security committees have been made aware of the incident and the fact that we

Re: Incident Report - Misissuance of one certificate without DNS CAA authorization (Certigna)

2018-09-26 Thread josselin.allemandou--- via dev-security-policy
Hello Thank you for your exchanges. We hope that the additions below will answer your questions. Was the action required to manually override the CAA validation failure different from what would be required if the CAA validation had succeeded? Could an operator have just "clicked the same

Re: Incident Report - Misissuance of one certificate without DNS CAA authorization (Certigna)

2018-09-16 Thread josselin.allemandou--- via dev-security-policy
Hello Thank you all for your feedback for which we have tried to provide additional information below. Know that if necessary, you will also find the description of our practices through the following links: • our CPS : * Services CA :