Having received no further comments, I am recommending approval of
Certigna's inclusion request.
I would first like to thank Certigna for their patience as this request
spent a long time waiting on Mozilla.
The disregard for CAB Forum requirements shown by Certigna's CAA exception
process is a ve
On Wed, Oct 24, 2018 at 3:02 PM David E. Ross via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 10/24/2018 1:07 PM, Wayne Thayer wrote:
> > On Tue, Oct 23, 2018 at 1:46 PM David E. Ross via dev-security-policy <
> > dev-security-policy@lists.mozilla.org> wrote:
> >
> >>
On 10/24/2018 1:07 PM, Wayne Thayer wrote:
> On Tue, Oct 23, 2018 at 1:46 PM David E. Ross via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> On 10/23/2018 11:45 AM, Wayne Thayer wrote:
>>> I believe that the discussion over Certigna's reported CAA misissuance
>>> [1][2
On Tue, Oct 23, 2018 at 1:46 PM David E. Ross via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 10/23/2018 11:45 AM, Wayne Thayer wrote:
> > I believe that the discussion over Certigna's reported CAA misissuance
> > [1][2] has reached an end, even though some questions r
On 10/23/2018 11:45 AM, Wayne Thayer wrote:
> I believe that the discussion over Certigna's reported CAA misissuance
> [1][2] has reached an end, even though some questions remain unanswered. If
> anyone has additional comments or concerns about this inclusion request,
> please respond by Friday 26
I believe that the discussion over Certigna's reported CAA misissuance
[1][2] has reached an end, even though some questions remain unanswered. If
anyone has additional comments or concerns about this inclusion request,
please respond by Friday 26-October. This request [3] has been in
discussion si
On Tue, Sep 11, 2018 at 12:37 AM josselin.allemandou--- via
dev-security-policy wrote:
> Hello,
>
> Thanks Wayne and Devon for your reply.
>
> We took the time to respond because we wanted to verify through an audit
> that the SSL certificate requests processed since September 8th were in
> compl
Hello,
Thanks Wayne and Devon for your reply.
We took the time to respond because we wanted to verify through an audit that
the SSL certificate requests processed since September 8th were in compliance
with the CA/B Forum requirements for DNS CAA record checks.
In general, this has been the c
On Wednesday, August 22, 2018 at 2:10:06 AM UTC-7, josselin@gmail.com wrote:
> Thank you very much Devon for this analysis and the time past on our request.
>
> You will find below additional information. Sorry for the delay, I was on
> vacation. The publication of the updated CP / CPS will
Thank you for your response.
On Wed, Aug 22, 2018 at 11:51 AM josselin.allemandou--- via
dev-security-policy wrote:
> We confirm that no, this is not the case. This is what we said in the CP /
> CPS because we thought that these constraints could be regularly
> encountered and that it could be b
And just to clarify, when we specified this in the CP / CPS, we thought that
the document signed by a legal representative at the time of the certificate
request could be sufficient in terms of consent, and that despite our requests,
the applicant have not wished to update their CAA registration
We confirm that no, this is not the case. This is what we said in the CP / CPS
because we thought that these constraints could be regularly encountered and
that it could be bad for the business, but as I said in our answer, the
controls to report the blocking cases were positioned since the begi
On Wed, Aug 22, 2018 at 2:10 AM josselin.allemandou--- via
dev-security-policy wrote:
>
>
>
> CPS Section 4.2.1: If the request is valid and allows to obtain with
> accuracy the authorization to issue the certificate by
Just in addition, because the point was raised to us, we also take into account
the problem related to DNSSEC with the case where the zone is validly
DNSSEC-signed and our CAA query times out.
As mentioned above, the publication of the updated CP / CPS will be immediate,
as soon as you confirm
Thank you very much Devon for this analysis and the time past on our request.
You will find below additional information. Sorry for the delay, I was on
vacation. The publication of the updated CP / CPS will be immediate, as soon as
you confirm that the level of detail is sufficient for you.
T
Hello,
Based on the updated documentation, I've compiled the following questions for
clarification:
CPS Section 1.4.2 states "Unless stated otherwise, in this document, “RA”
covers the Registration Authority and Delegate Registration Authorities."
CPS Section 3.2 calls out DRAs ab
Hello,
This request will be rejected or will be pending?
Enjoy,
Andrew.
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
We hope to have provided all the expected answers and documentation. Could you
please tell us if the processing of our integration request will progress.
Thank you for your reply.
Best regards.
___
dev-security-policy mailing list
dev-security-polic
We hope to have provided all the expected answers and documentation. Could you
please tell us if the processing of our integration request will progress.
Thank you for your reply.
Best regards.
___
dev-security-policy mailing list
dev-security-policy@l
Le jeudi 27 avril 2017 15:22:27 UTC+2, Aaron Wu a écrit :
> This request from the Dhimyotis/Certigna is to include the SHA-256 ‘Certigna
> Root CA’ certificate and turn on the Websites and Email trust bits. This root
> certificate will eventually replace the SHA-1 ‘Certigna’ root certificate
> t
Just to let you know that CPSs for certificates that are not used for website
authentication will be available by January 15, 2018. CPS for SSL / TLS
certificates are already available in French and English versions.
Best regards
___
dev-security-polic
Thank you very much for this analysis and the time past on our request.
You will find below additional information following your comments
---
> “CP and terms and conditions are publicly available in a read‐only manner.
> The C
Certigna BR Review
Adding onto Nick’s suggestions, here are some notes from my review of this
application request:
Noteworthy good aspects:
- The supplied PKI diagrams are clear and useful for understanding the
hierarchy and purpose of each CA. Thank you for providing this.
- CPs are in RFC 3
Thank you very much Nick for this analysis and the time past on our request.
You will find below additional information. The publication of the updated CP /
CPS will be immediate, as soon as you confirm that the level of detail is
sufficient for you.
Thank you in advance for your help and your
Thanks Kathleen,
I have briefly inspected this BR Self Assessment document. Nothing terrifying
leaped out at me that would lead me to ask that Mozilla deny the renewal,
however I did find things worth mentioning here.
The only listed 3.2.2.4 method is 3.2.2.4.5, Domain Authorization Document.
> This request from the Dhimyotis/Certigna is to include the
> SHA-256 ‘Certigna Root CA’ certificate and turn on the
> Websites and Email trust bits. This root certificate will
> eventually replace the SHA-1 ‘Certigna’ root certificate
> that was included via Bugzilla #393166.
> ...
> The req
The ticket is open since 3 months. This seems to be correct for everyone.
Is it possible to close it now ?
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
All,
I will greatly appreciate your help in reviewing and commenting on this root
inclusion request from Certigna.
Thanks,
Aaron
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-
This request from the Dhimyotis/Certigna is to include the SHA-256 ‘Certigna
Root CA’ certificate and turn on the Websites and Email trust bits. This root
certificate will eventually replace the SHA-1 ‘Certigna’ root certificate that
was included via Bugzilla #393166.
Dhimyotis, t e name of th
29 matches
Mail list logo
