On 13/02/17 23:53, Wayne Thayer wrote:
> Gerv - this makes sense and it is GoDaddy's intent to perform these steps
> within 3 months.
No significant objections have been put forward about this action plan,
and so I have filed a Bugzilla bug to track GoDaddy's implementation:
https://bugzilla.mozi
On 13/02/17 23:13, Santhan Raj wrote:
> One thing to highlight here is that the WebTrust audits are performed
> against the BRs and not against the root program requirements.
This is true, although (apart from the relative importance of domain
validation) this is similarly true of many items in t
> -Original Message-
> From: dev-security-policy [mailto:dev-security-policy-
> bounces+wthayer=godaddy@lists.mozilla.org] On Behalf Of Gervase
> Markham via dev-security-policy
> Here is our proposed remediation plan for GoDaddy.
>
> 1) As with all CAs, update all their domain valid
On Monday, February 13, 2017 at 3:14:06 PM UTC-8, Santhan Raj wrote:
> On Monday, February 13, 2017 at 4:22:34 AM UTC-8, Gervase Markham wrote:
>
> > That is why, despite some IPR-related tangles, Mozilla will be requiring
> > in its next CA Communication that all CAs move to using only those
> >
On Monday, February 13, 2017 at 4:22:34 AM UTC-8, Gervase Markham wrote:
> That is why, despite some IPR-related tangles, Mozilla will be requiring
> in its next CA Communication that all CAs move to using only those
> documented methods in a fairly short timeframe, regardless of what the
> BRs sa
On 13/02/17 16:41, Nick Lamb wrote:
> GoDaddy came up with). Thus, even though some of the methods from
> Ballot 169 are not included in the Baseline Requirements today,
> Mozilla intends to oblige root programme members to pick from those
> ten methods.
Yes. And this is permitted by the BRs becau
On 13/02/17 14:34, Nick Lamb wrote:
> I don't think Ballot 169 represents best practices per se. Instead as
> with the rest of the Baseline Requirements what we have here are
> _minimums_, we aren't asking that CAs should do no more than what is
> described, but that they must do at least what is d
On 13/02/2017 16:15, Jürgen Brauckmann via dev-security-policy wrote:
> Gervase Markham via dev-security-policy schrieb:
>> 1) As with all CAs, update all their domain validation code to use one
>> of the 10 approved methods;
>
> I'm probably confused regarding BRs pre/post Ballot 181: Aren't ther
On Monday, 13 February 2017 15:15:47 UTC, Jürgen Brauckmann wrote:
> I'm probably confused regarding BRs pre/post Ballot 181: Aren't there
> only 4 methods per Ballot 181?
>
> Jürgen
Ballot 169 identified exactly 10 methods. Although this ballot passed
unanimously, meaning that both CA members
Gervase Markham via dev-security-policy schrieb:
> 1) As with all CAs, update all their domain validation code to use one
> of the 10 approved methods;
I'm probably confused regarding BRs pre/post Ballot 181: Aren't there
only 4 methods per Ballot 181?
Jürgen
_
On Monday, 13 February 2017 12:22:34 UTC, Gervase Markham wrote:
> This is why the CAB Forum has been working for
> some time on carefully documenting best practice in domain validation,
> and passed ballot 169 to incorporate them into the Baseline
> Requirements. The problem experienced by GoDadd
As members of the group will be aware, last month GoDaddy filed an
incident report concerning a problem with their domain validation system.
Domain validation is the most important task a CA can undertake, any any
flaws in it are serious. This is why the CAB Forum has been working for
some time on
12 matches
Mail list logo
