Re: Policy 2.6 Proposal: Require disclosure of S/MIME validation practices
This change is made in the 2.6 branch: https://github.com/mozilla/pkipolicy/commit/42ebde18794bc1690885bfdd4e3fb12e7c2c832b We'll need to discuss a deadline for the CPS updates to be published. - Wayne On Mon, Mar 26, 2018 at 12:59 PM, Tim Hollebeek <tim.holleb...@digicert.com> wrote: > I like this one. > > It will be very useful as a starting point if we finally get a CABF S/MIME > working > group, which is likely to happen. > > -Tim > > > -Original Message- > > From: dev-security-policy [mailto:dev-security-policy- > > bounces+tim.hollebeek=digicert@lists.mozilla.org] On Behalf Of Wayne > > Thayer via dev-security-policy > > Sent: Monday, March 26, 2018 2:50 PM > > To: mozilla-dev-security-policy > <mozilla-dev-security-pol...@lists.mozilla.org> > > Subject: Policy 2.6 Proposal: Require disclosure of S/MIME validation > practices > > > > Mozilla policy section 2.2(2) requires validation of email addresses for > S/MIME > > certificates, but doesn't require disclosure of these practices as it > does > for TLS > > certificates. > > > > I propose adding the following language from 2.2 (3) (TLS) to 2.2(2) > > (S/MIME): > > > > The CA's CP/CPS must clearly specify the procedure(s) that the CA employs > to > > perform this verification. > > > > This is: https://github.com/mozilla/pkipolicy/issues/114 > > > > --- > > > > This is a proposed update to Mozilla's root store policy for version 2.6. > Please > > keep discussion in this group rather than on GitHub. Silence is consent. > > > > Policy 2.5 (current version): > > https://github.com/mozilla/pkipolicy/blob/2.5/rootstore/policy.md > > ___ > > dev-security-policy mailing list > > dev-security-policy@lists.mozilla.org > > https://lists.mozilla.org/listinfo/dev-security-policy > ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
RE: Policy 2.6 Proposal: Require disclosure of S/MIME validation practices
I like this one. It will be very useful as a starting point if we finally get a CABF S/MIME working group, which is likely to happen. -Tim > -Original Message- > From: dev-security-policy [mailto:dev-security-policy- > bounces+tim.hollebeek=digicert@lists.mozilla.org] On Behalf Of Wayne > Thayer via dev-security-policy > Sent: Monday, March 26, 2018 2:50 PM > To: mozilla-dev-security-policy <mozilla-dev-security-pol...@lists.mozilla.org> > Subject: Policy 2.6 Proposal: Require disclosure of S/MIME validation practices > > Mozilla policy section 2.2(2) requires validation of email addresses for S/MIME > certificates, but doesn't require disclosure of these practices as it does for TLS > certificates. > > I propose adding the following language from 2.2 (3) (TLS) to 2.2(2) > (S/MIME): > > The CA's CP/CPS must clearly specify the procedure(s) that the CA employs to > perform this verification. > > This is: https://github.com/mozilla/pkipolicy/issues/114 > > --- > > This is a proposed update to Mozilla's root store policy for version 2.6. Please > keep discussion in this group rather than on GitHub. Silence is consent. > > Policy 2.5 (current version): > https://github.com/mozilla/pkipolicy/blob/2.5/rootstore/policy.md > ___ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy smime.p7s Description: S/MIME cryptographic signature ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Policy 2.6 Proposal: Require disclosure of S/MIME validation practices
Mozilla policy section 2.2(2) requires validation of email addresses for S/MIME certificates, but doesn't require disclosure of these practices as it does for TLS certificates. I propose adding the following language from 2.2 (3) (TLS) to 2.2(2) (S/MIME): The CA's CP/CPS must clearly specify the procedure(s) that the CA employs to perform this verification. This is: https://github.com/mozilla/pkipolicy/issues/114 --- This is a proposed update to Mozilla's root store policy for version 2.6. Please keep discussion in this group rather than on GitHub. Silence is consent. Policy 2.5 (current version): https://github.com/mozilla/pkipolicy/blob/2.5/rootstore/policy.md ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy