On Thu, Feb 9, 2017 at 9:56 PM, Richard Wang via dev-security-policy
wrote:
> I can't see this sentence
> " I highlight this because we (the community) see the occasional remark like
> this; most commonly, it's directed at organizations in particular
-security-policy
Sent: Friday, February 10, 2017 1:10 PM
To: Gervase Markham <g...@mozilla.org>
Cc: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Public disclosure of root ownership transfers (was: Re: Google
Trust Services roots)
On Thu, Feb 9, 2017 at 7:41 AM, Gervase Markham v
@lists.mozilla.org] On
Behalf Of Ryan Sleevi via dev-security-policy
Sent: Friday, February 10, 2017 12:43 PM
To: Jakob Bohm <jb-mozi...@wisemo.com>
Cc: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Google Trust Services roots
On Thu, Feb 9, 2017 at 3:39 PM, Jakob Bohm via dev-se
On Thu, Feb 9, 2017 at 7:41 AM, Gervase Markham via
dev-security-policy wrote:
> On 09/02/17 14:32, Gijs Kruitbosch wrote:
>> Would Mozilla's root program consider changing this requirement so that
>> it *does* require public disclosure, or are there
On Thu, Feb 9, 2017 at 3:39 PM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> Additional issue #2: The information at https://pki.goog/ about how to
> report misissuance directs visitors to a generic reporting page for
> code vulnerabilities, which (by
On 09/02/2017 20:55, Ryan Hurst wrote:
Peter,
Thank you very much for your, as always, thorough review.
Let me start by saying I agree there is an opportunity for improving the
policies around how key transfers such your recent transfer and Google's are
handled.
It is my hope we can,
Ryan,
Thank you for the quick reply. My comments and questions are inline.
On Thu, Feb 9, 2017 at 11:55 AM, Ryan Hurst via dev-security-policy
wrote:
> Peter,
>
> Thank you very much for your, as always, thorough review.
>
> Let me start by saying I agree
Peter,
Thank you very much for your, as always, thorough review.
Let me start by saying I agree there is an opportunity for improving the
policies around how key transfers such your recent transfer and Google's are
handled.
It is my hope we can, through our respective recent experiences
Peter,
Thank you very much for your, as always, thorough review.
Let me start by saying I agree there is an opportunity for improving the
policies around how key transfers such your recent transfer and Google's
are handled.
It is my hope we can, through our respective recent experiences
On 09/02/17 14:32, Gijs Kruitbosch wrote:
> Would Mozilla's root program consider changing this requirement so that
> it *does* require public disclosure, or are there convincing reasons not
> to? At first glance, it seems like 'guiding' CAs towards additional
> transparency in the CA
101 - 110 of 110 matches
Mail list logo