On Fri, Apr 20, 2018 at 12:33 PM, Wayne Thayer wrote:
> At this point we have a few choices:
>
> 1. Do nothing about requiring email as a problem reporting mechanism.
> Instead, take on the related issues of disclosure of the reporting
> mechanism and receipt confirmation in
At this point we have a few choices:
1. Do nothing about requiring email as a problem reporting mechanism.
Instead, take on the related issues of disclosure of the reporting
mechanism and receipt confirmation in Mozilla policy, via the CAB Forum, or
both.
2. Go ahead with the proposal to require
On 04/18/2018 10:51 PM, Dimitris Zacharopoulos via dev-security-policy
wrote:
>> 1 - it's easier. I have seen CAs use generic "support request" forms that
>> are difficult to decipher, especially when not in one's native language.
>> 2 - It scales better. When someone is trying to report the same
On 18/4/2018 9:50 μμ, Wayne Thayer via dev-security-policy wrote:
On Wed, Apr 18, 2018 at 12:14 AM, Dimitris Zacharopoulos via
dev-security-policy wrote:
On 18/4/2018 12:04 πμ, Jeremy Rowley via dev-security-policy wrote:
Having to go through
On Wed, Apr 18, 2018 at 2:50 PM, Wayne Thayer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Wed, Apr 18, 2018 at 12:14 AM, Dimitris Zacharopoulos via
> dev-security-policy wrote:
>
> > On 18/4/2018 12:04 πμ, Jeremy Rowley via
On Wed, Apr 18, 2018 at 3:14 AM, Dimitris Zacharopoulos via
dev-security-policy wrote:
> Mail servers receive tons of SPAM everyday and an email address target is
> a very easy target for popular CAs. We should also consider the possibility
> of accidental
On 18/4/2018 12:04 πμ, Jeremy Rowley via dev-security-policy wrote:
Having to go through captchas to even get the email sent is just another
obstacle in getting the CA a timely certificate problem report
Nowadays, people deal with captchas all the time in various popular web
sites. I don't
:50 AM
To: mozilla-dev-security-policy <mozilla-dev-security-pol...@lists.mozilla.org>
Subject: Policy 2.6 Proposal: Require CAs to support problem reports via email
Section 4.9.3 of the CA/Browser Forum's Baseline Requirements says:
"The CA SHALL provide Subscribers, Relying Parties, App
Section 4.9.3 of the CA/Browser Forum's Baseline Requirements says:
"The CA SHALL provide Subscribers, Relying Parties, Application Software
Suppliers, and other third parties with clear instructions for reporting
suspected Private Key Compromise, Certificate misuse, or other types of
fraud,
9 matches
Mail list logo