Re: Policy 2.6 Proposal: Audit requirements for new subCA certificates

2018-04-23 Thread Wayne Thayer via dev-security-policy
To close out discussion on this issue, I've updated the change by removing the requirement to list each subCA certificate in the CPS: https://github.com/mozilla/pkipolicy/commit/1bdcd53baf2e8b9006a5e13923ce3d66eeff927e - Wayne On Mon, Apr 16, 2018 at 4:51 PM, Wayne Thayer

Re: Policy 2.6 Proposal: Audit requirements for new subCA certificates

2018-04-16 Thread Wayne Thayer via dev-security-policy
On Wed, Apr 11, 2018 at 3:49 PM, Wayne Thayer wrote: > As an alternative to requiring newly-issued subCA Certificates to be > listed in the relevant CP/CPS prior to issuing certificates, would it be > reasonable for Mozilla to require the Certificate Policies extension in >

Re: Policy 2.6 Proposal: Audit requirements for new subCA certificates

2018-04-11 Thread Wayne Thayer via dev-security-policy
[mailto:wtha...@mozilla.com] > *Sent:* Thursday, April 5, 2018 1:56 PM > *To:* Ben Wilson <ben.wil...@digicert.com> > *Cc:* Dimitris Zacharopoulos <ji...@it.auth.gr>; r...@sleevi.com; > mozilla-dev-security-policy <mozilla-dev-security-pol...@lists.mozilla.org > > &

RE: Policy 2.6 Proposal: Audit requirements for new subCA certificates

2018-04-05 Thread Ben Wilson via dev-security-policy
om; mozilla-dev-security-policy <mozilla-dev-security-pol...@lists.mozilla.org> Subject: Re: Policy 2.6 Proposal: Audit requirements for new subCA certificates On Thu, Apr 5, 2018 at 12:05 PM, Ben Wilson <ben.wil...@digicert.com> wrote: If I c

RE: Policy 2.6 Proposal: Audit requirements for new subCA certificates

2018-04-05 Thread Ben Wilson via dev-security-policy
Zacharopoulos via dev-security-policy Sent: Thursday, April 5, 2018 12:56 PM To: r...@sleevi.com Cc: mozilla-dev-security-policy <mozilla-dev-security-pol...@lists.mozilla.org>; Wayne Thayer <wtha...@mozilla.com> Subject: Re: Policy 2.6 Proposal: Audit requirements for new subCA certificates O

Re: Policy 2.6 Proposal: Audit requirements for new subCA certificates

2018-04-05 Thread Dimitris Zacharopoulos via dev-security-policy
On 5/4/2018 9:00 μμ, Ryan Sleevi via dev-security-policy wrote: On Thu, Apr 5, 2018 at 5:20 AM, Dimitris Zacharopoulos via dev-security-policy wrote: On 5/4/2018 12:02 πμ, Wayne Thayer via dev-security-policy wrote: In a recent discussion [1] we

Re: Policy 2.6 Proposal: Audit requirements for new subCA certificates

2018-04-05 Thread Ryan Sleevi via dev-security-policy
On Thu, Apr 5, 2018 at 5:20 AM, Dimitris Zacharopoulos via dev-security-policy wrote: > On 5/4/2018 12:02 πμ, Wayne Thayer via dev-security-policy wrote: > >> In a recent discussion [1] we decided to clarify the audit requirements >> for >> new subordinate

Policy 2.6 Proposal: Audit requirements for new subCA certificates

2018-04-04 Thread Wayne Thayer via dev-security-policy
In a recent discussion [1] we decided to clarify the audit requirements for new subordinate CA certificates. I’ve drafted a change that requires the new certificate to appear in the next periodic audits and in the CP/CPS prior to issuance: