Re: SSL.com root inclusion request

2017-10-12 Thread Andrew R. Whalley via dev-security-policy
Greetings, I have reviewed SSLcom_CP_CPS_Version_1_2_1 and made the following notes: 1.3. CA diagrams are useful, thanks. 1.3.2 "SSL.com may delegate the performance of *all or any* part of these requirements to a Delegated Third Party" though the BRs preclude sections 3.2.2.4 and 3.2.2.5. -

Re: TrustCor root inclusion request

2017-08-17 Thread Andrew R. Whalley via dev-security-policy
Thanks Neil, I've looked over the updated CP and CPS documents and have no further comments or questions. Cheers, Andrew On Tue, Aug 15, 2017 at 12:18 PM, Neil Dunbar via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Andrew, > > SHA-1 has been removed from the TrustCor

Re: TrustCor root inclusion request

2017-08-10 Thread Andrew R. Whalley via dev-security-policy
Greetings, I have reviewed TrustCor's CP and CPS (both at version 1.3.1) and made the following notes: *CP* (http://www.trustcor.ca/resources/cp.pdf) 1.6.3 1.6.4 Nit: Section 1.1 says that "Sections which do not apply to TrustCor CA, or where TrustCor CA makes no authoritative statement, will

Re: Symantec: Update

2017-05-10 Thread Andrew R. Whalley via dev-security-policy
On Wed, May 10, 2017 at 2:06 PM, mono.riot--- via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Wednesday, May 10, 2017 at 7:59:37 PM UTC+2, Itzhak Daniel wrote: > > The next step, if Symantec wish to continue to use their current PKI in > the future, should be logging

Re: Guang Dong Certificate Authority (GDCA) root inclusion request

2017-05-09 Thread Andrew R. Whalley via dev-security-policy
Greetings, I've given the CP V1.6 and CPS V4.5 docs a quick looking through and have the following comments: * Please don't protect your PDFs for printing * https://SSLTEST-2.95105813.cn - which I believe should be revoked, has also expired. The revoked test cert should be otherwise valid and

Re: Include Renewed Kamu SM root certificate

2017-03-03 Thread Andrew R. Whalley via dev-security-policy
Hello, I've read though the English language version of CP/CPS dated March 30, 2016 version 1 and made the following notes: No version history at the front of the document. This not required, but is evidence of good document change management and is a useful reference to see what's changed when