Re: Policy 2.5 Proposal: Remove the bullet about "fraudulent use"

2017-05-04 Thread Jakob Bohm via dev-security-policy
the entity controlling exampLe.com. And vice versa. Note that "High Risk Certificate Requests" can still be fulfilled, they just require extra checks of their legitimacy, as per BR 4.2.1.
From: Gervase Markham
Sent: Tuesday, May 2, 2017 5:46 AM
To: Peter Kurrasch; mozilla-d

Re: Policy 2.5 Proposal: Remove the bullet about "fraudulent use"

2017-05-03 Thread Gervase Markham via dev-security-policy
On 03/05/17 16:45, Peter Kurrasch wrote:
> Perhaps a different way to pose the questions here is whether Mozilla
> wants to place any expectations on the CA's regarding fraud and the
> prevention thereof.
You need to be more specific, because there are lots of different ways a system can have

Re: Policy 2.5 Proposal: Remove the bullet about "fraudulent use"

2017-05-03 Thread Peter Kurrasch via dev-security-policy
From: Gervase Markham
Sent: Tuesday, May 2, 2017 5:46 AM
To: Peter Kurrasch; mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Policy 2.5 Proposal: Remove the bullet about "fra

Re: Policy 2.5 Proposal: Remove the bullet about "fraudulent use"

2017-05-02 Thread 袁剑波 via dev-security-policy
thanks
Sent from NetEase Mail Master
On 2017-05-03 10:15, Jakob Bohm via dev-security-policy wrote:
On 02/05/2017 12:46, Gervase Markham wrote:
> On 02/05/17 01:55, Peter Kurrasch wrote:
>> I was thinking that fraud takes many forms generally speaking and that
>> the PKI space is no different. Given that Mozilla (and

Re: Policy 2.5 Proposal: Remove the bullet about "fraudulent use"

2017-05-02 Thread Gervase Markham via dev-security-policy
On 02/05/17 01:55, Peter Kurrasch wrote:
> I was thinking that fraud takes many forms generally speaking and that
> the PKI space is no different. Given that Mozilla (and everyone else)
> work very hard to preserve the integrity of the global PKI and that the
> PKI itself is an important tool to

Re: Policy 2.5 Proposal: Remove the bullet about "fraudulent use"

2017-05-01 Thread Peter Kurrasch via dev-security-policy
:49 AM
To: Peter Kurrasch; mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Policy 2.5 Proposal: Remove the bullet about "fraudulent use"
On 01/05/17 16:28, Peter Kurrasch wrote:
> Gerv, does this leave the Mozilla policy with no position statement regarding fraud in the global PK

Re: Policy 2.5 Proposal: Remove the bullet about "fraudulent use"

2017-05-01 Thread Peter Kurrasch via dev-security-policy
: Policy 2.5 Proposal: Remove the bullet about "fraudulent use" On 20/04/17 14:39, Gervase Markham wrote: > So I propose removing it, and reformatting the section accordingly. Edit made as proposed. Gerv ___ dev-security-policy mailing list

Re: Policy 2.5 Proposal: Remove the bullet about "fraudulent use"

2017-05-01 Thread Gervase Markham via dev-security-policy
On 20/04/17 14:39, Gervase Markham wrote: > So I propose removing it, and reformatting the section accordingly. Edit made as proposed. Gerv

Re: Policy 2.5 Proposal: Remove the bullet about "fraudulent use"

2017-04-21 Thread Eric Mill via dev-security-policy
I strongly support removing any ambiguity about CAs not being required to police certificate issuance, and agree on the unuseful level of subjectivity that would be present in any attempt to enforce this clause. -- Eric On Thu, Apr 20, 2017 at 7:11 PM, Matt Palmer via dev-security-policy <

Re: Policy 2.5 Proposal: Remove the bullet about "fraudulent use"

2017-04-20 Thread Ryan Sleevi via dev-security-policy
+1 to what sounds like a perfectly reasonable position

Policy 2.5 Proposal: Remove the bullet about "fraudulent use"

2017-04-20 Thread Gervase Markham via dev-security-policy
Section 7.1 of the policy says that we reserve the right not to include certificates from a CA which has: "knowingly issue certificates that appear to be intended for fraudulent use."
There are a few problems with this.
* It's only in the inclusion section.
* It's really subjective - how could