Re: [EXT] Mozilla requirements of Symantec

On 20/06/2017 09:05, Ryan Sleevi wrote: On Mon, Jun 19, 2017 at 7:01 PM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: NSS until fairly recently was in fact used for code signing of Firefox extensions using the public PKI (this is why there is a defunct

Re: [EXT] Mozilla requirements of Symantec

On Mon, Jun 19, 2017 at 7:01 PM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > NSS until fairly recently was in fact used for code signing of Firefox > extensions using the public PKI (this is why there is a defunct code > signing trust bit in the NSS root

Re: [EXT] Mozilla requirements of Symantec

On 12/06/2017 22:12, Nick Lamb wrote: On Monday, 12 June 2017 17:31:58 UTC+1, Steve Medin wrote: We think it is critically important to distinguish potential removal of support for current roots in Firefox versus across NSS. Limiting Firefox trust to a subset of roots while leaving NSS

Re: [EXT] Mozilla requirements of Symantec

On Monday, 12 June 2017 17:31:58 UTC+1, Steve Medin wrote: > We think it is critically important to distinguish potential removal of > support for current roots in Firefox versus across NSS. Limiting Firefox > trust to a subset of roots while leaving NSS unchanged would avoid > unintentionally

RE: [EXT] Mozilla requirements of Symantec

> -Original Message- > From: Gervase Markham [mailto:g...@mozilla.org] > Sent: Wednesday, June 07, 2017 2:51 PM > To: Steve Medin <steve_me...@symantec.com>; mozilla-dev-security- > pol...@lists.mozilla.org > Cc: Kathleen Wilson <kwil...@mozilla.com> > Su

Re: Mozilla requirements of Symantec

On 08/06/2017 18:52, Peter Bowen wrote: On Thu, Jun 8, 2017 at 9:38 AM, Jakob Bohm via dev-security-policy wrote: As the linked proposal was worded (I am not on Blink mailing lists), it seemed obvious that the original timeline was: Later: Once the

Re: Mozilla requirements of Symantec

On Thu, Jun 8, 2017 at 9:38 AM, Jakob Bohm via dev-security-policy wrote: > > As the linked proposal was worded (I am not on Blink mailing lists), it > seemed obvious that the original timeline was: > > Later: Once the new roots are generally accepted,

Re: Mozilla requirements of Symantec

On 08/06/2017 11:09, Gervase Markham wrote: On 07/06/17 22:30, Jakob Bohm wrote: Potential clarification: By "New PKI", Mozilla apparently refers to the "Managed CAs", "Transition to a New Symantec PKI" and related parts of the plan, not to the "new roots" for the "modernized platform" / "new

Re: Mozilla requirements of Symantec

On 07/06/17 22:30, Jakob Bohm wrote: > Potential clarification: By "New PKI", Mozilla apparently refers to the > "Managed CAs", "Transition to a New Symantec PKI" and related parts of > the plan, not to the "new roots" for the "modernized platform" / "new > infrastructure". I expect those things

Re: Mozilla requirements of Symantec

Hi Gervase, there seems to be a slight inconsistency between the terminology in the plan posted at https://groups.google.com/a/chromium.org/d/msg/blink-dev/eUAKwjihhBs/ovLalSBRBQAJ And the official letter quoted below. I have added potential clarifications to fix this, please indicate, for

Mozilla requirements of Symantec

Hi Steve, I'm writing to you in your role as the Primary Point of Contact for Symantec with regard to the Mozilla Root Program. I am writing with a list of Mozilla-specific additions to the consensus remediation proposal for Symantec, as documented by Google. We note that you have raised a