Re: [EXT] Mozilla requirements of Symantec

2017-06-20 Thread Jakob Bohm via dev-security-policy
On 20/06/2017 09:05, Ryan Sleevi wrote: On Mon, Jun 19, 2017 at 7:01 PM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: NSS until fairly recently was in fact used for code signing of Firefox extensions using the public PKI (this is why there is a defunct

Re: [EXT] Mozilla requirements of Symantec

2017-06-20 Thread Ryan Sleevi via dev-security-policy
On Mon, Jun 19, 2017 at 7:01 PM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > NSS until fairly recently was in fact used for code signing of Firefox > extensions using the public PKI (this is why there is a defunct code > signing trust bit in the NSS root

Re: [EXT] Mozilla requirements of Symantec

2017-06-19 Thread Jakob Bohm via dev-security-policy
On 12/06/2017 22:12, Nick Lamb wrote: On Monday, 12 June 2017 17:31:58 UTC+1, Steve Medin wrote: We think it is critically important to distinguish potential removal of support for current roots in Firefox versus across NSS. Limiting Firefox trust to a subset of roots while leaving NSS

Re: [EXT] Mozilla requirements of Symantec

2017-06-12 Thread Nick Lamb via dev-security-policy
On Monday, 12 June 2017 17:31:58 UTC+1, Steve Medin wrote: > We think it is critically important to distinguish potential removal of > support for current roots in Firefox versus across NSS. Limiting Firefox > trust to a subset of roots while leaving NSS unchanged would avoid > unintentionally

RE: [EXT] Mozilla requirements of Symantec

2017-06-12 Thread Steve Medin via dev-security-policy
> -Original Message- > From: Gervase Markham [mailto:g...@mozilla.org] > Sent: Wednesday, June 07, 2017 2:51 PM > To: Steve Medin <steve_me...@symantec.com>; mozilla-dev-security- > pol...@lists.mozilla.org > Cc: Kathleen Wilson <kwil...@mozilla.com> > Su