Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-10-15 Thread Kathleen Wilson
All, Thank you for your patience throughout this long discussion. I appreciate all of your thoughtful and constructive input. I feel confident now that we should do the following: 1) Remove reference to the code signing trust bit from version 2.3 of Mozilla's CA Certificate Policy. 2) When ve

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-10-13 Thread Peter Kurrasch
I can't think of a case either. What I'm advocating would be an expansion of Mozilla's role in the security space--something that may or may not be appropriate for me to do, with pros and cons either way.

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-10-12 Thread Gervase Markham
On 08/10/15 17:20, Peter Bowen wrote: > going forward, so there would be no impact to Mozilla products. That > leaves OpenJDK on Red Hat. It was indicated in an earlier part of > the thread that Red Hat may be basing their trust store on Mozilla’s > trust store. This is the one defined place wher

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-10-12 Thread Gervase Markham
On 08/10/15 14:27, Peter Kurrasch wrote: > 2. Loss of visibility/consistency/input: If Mozilla decides to exit the > code signing world, the security community loses a place to share > experiences, establish policies, discuss and evaluate bad acts and bad > actors, and so forth I've never seen th

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-10-08 Thread Peter Bowen
> On Oct 8, 2015, at 6:27 AM, Peter Kurrasch wrote: > > I will cop to being confused about the Linux situation--I thought some issue > had been identified for one of the distros. > > 1. Impacts to specific products: I had hoped that by now we'd be able to > point to specific products that w

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-10-08 Thread Peter Kurrasch
I will cop to being confused about the Linux situation--I thought some issue had been identified for one of the distros. At this point, please allow me to take a step back and try to articulate my current views on

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-10-06 Thread Matt Palmer
On Tue, Oct 06, 2015 at 01:05:52PM -0500, Peter Kurrasch wrote: > Actually, what is the plan for Linux after the code signing trust bit is > dropped? What would change, such that Linux would have to make plans? - Matt ___ dev-security-policy mailing li

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-10-06 Thread Daniel Micay
On 06/10/15 02:05 PM, Peter Kurrasch wrote: > Erwann--I checked and Mozilla has a very strict "No Kissing" policy in the > forums, so maybe a handshake will have to suffice. > > I believe Tesla is using a (older?) Ubuntu release in its cars. Does anyone > here know if they make any use of the N

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-10-06 Thread Peter Kurrasch
Erwann--I checked and Mozilla has a very strict "No Kissing" policy in the forums, so maybe a handshake will have to suffice. I believe Tesla is using a (older?) Ubuntu release in its cars. Does anyone here know if they make any use of the NSS capabilities in that distro? Actually, what is the

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-10-06 Thread Rick Andrews
Kathleen, I'll admit that I'm discouraged from contributing. Can you tell us what if anything is being done to keep the discourse at a more respectable level?

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-10-05 Thread Erwann Abalea
Le lundi 5 octobre 2015 19:36:03 UTC+2, Peter Kurrasch a écrit : > TL;DR... [...Peter and Ryan more than disagree...] Please, stay cool, kiss each other. > Let's consider a (hypothetical) situation where I'm a manufacturer of > anti-lock braking systems that go into cars made by 5 different comp

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-10-05 Thread Peter Kurrasch
TL;DR...that is until I saw you calling me a concern troll. You make it abundantly clear you believe I am far too ignorant to participate meaningfully in this discussion but I wish you had the humility to ask qu

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-10-05 Thread Gervase Markham
On 04/10/15 23:02, R Kent James wrote: > You seem to be implying that Thunderbird is no longer a Mozilla > application. Where do you get this idea? No need to get upset, Kent - Kirk's head is in the CA world, not the Mozilla world. Your points about Thunderbird's role are reasonable ones, but let'

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-10-05 Thread Gervase Markham
On 04/10/15 13:18, kirk_h...@trendmicro.com wrote: > As to whether or not to remove the trust bits for code signing and > email, I guess I would ask: Why did Mozilla include/create the trust > bits in the first place? You would need to ask Netscape :-) > Was it only to support Mozilla application

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-10-04 Thread R Kent James
On 10/4/2015 5:18 AM, kirk_h...@trendmicro.com wrote: As to whether or not to remove the trust bits for code signing and email, I guess I would ask: Why did Mozilla include/create the trust bits in the first place? Was it only to support Mozilla applications like Thunderbird? Or was it to se

Re: Fwd: Policy Update Proposal: Remove Code Signing Trust Bit

2015-10-04 Thread Wayne
On 10/2/2015 12:36 PM, Brian Smith wrote: ... Further, there's been actual evidence presented that Mozilla's S/MIME software is not trustworthy due to lack of maintenance. I tried to find more than just the previously cited https://bugzilla.mozilla.org/show_bug.cgi?id=1178032 but found none. S

RE: Policy Update Proposal: Remove Code Signing Trust Bit

2015-10-04 Thread kirk_h...@trendmicro.com
Kurrasch [mailto:fhw...@gmail.com] Sent: Friday, October 02, 2015 9:54 PM To: Kirk Hall (RD-US); dev-security-policy@lists.mozilla.org Subject: Re: Policy Update Proposal: Remove Code Signing Trust Bit Hi Kirk-- Would it be possible to provide some specific examples of the applications you have in

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-10-02 Thread Ryan Sleevi
On Fri, October 2, 2015 11:53 am, Peter Kurrasch wrote: >One final comment: in terms of the embedded space, without publicly > vetted roots I think it's safe to say that most products will include > whatever root is necessary just to make the product work and that security > concerns might not p

Re: Fwd: Policy Update Proposal: Remove Code Signing Trust Bit

2015-10-02 Thread Brian Smith
On Fri, Oct 2, 2015 at 7:41 AM, Joshua Cranmer 🐧 wrote: > On 10/2/2015 11:36 AM, Brian Smith wrote: > >> First of all, there is a widely-trusted set of email roots: Microsoft's. >> Secondly, there's no indication that having a widely-trusted set of email >> roots *even makes sense*. Nobody has sh

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-10-02 Thread Peter Kurrasch
Hi Kirk--Would it be possible to provide some specific examples of the applications you have in mind? Or maybe some use cases that would be relevant here (in the context of code signing)? My contention has been a

Re: Fwd: Policy Update Proposal: Remove Code Signing Trust Bit

2015-10-02 Thread Joshua Cranmer 🐧
On 10/2/2015 11:36 AM, Brian Smith wrote: -- Forwarded message -- From: Brian Smith Date: Thu, Oct 1, 2015 at 7:15 AM Subject: Re: Policy Update Proposal: Remove Code Signing Trust Bit To: Gervase Markham Cc: "kirk_h...@trendmicro.com" On Wed, Sep 30, 2015 a

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-10-02 Thread Phillip Hallam-Baker
On Fri, Oct 2, 2015 at 12:36 PM, Brian Smith wrote: > -- Forwarded message -- > From: Brian Smith > Date: Thu, Oct 1, 2015 at 7:15 AM > Subject: Re: Policy Update Proposal: Remove Code Signing Trust Bit > To: Gervase Markham > Cc: "kirk_h...@trendmicro.

Fwd: Policy Update Proposal: Remove Code Signing Trust Bit

2015-10-02 Thread Brian Smith
-- Forwarded message -- From: Brian Smith Date: Thu, Oct 1, 2015 at 7:15 AM Subject: Re: Policy Update Proposal: Remove Code Signing Trust Bit To: Gervase Markham Cc: "kirk_h...@trendmicro.com" On Wed, Sep 30, 2015 at 11:05 PM, Gervase Markham wrote: > On 0

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-10-01 Thread Kathleen Wilson
On 10/1/15 2:05 AM, Gervase Markham wrote: On 01/10/15 02:43, Brian Smith wrote: I wish you would have led with these completely ridiculous suggestion instead of the only-slightly-less ridiculous stuff that preceded it. This kind of language, while it does follow the rule of criticising ideas

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-10-01 Thread Kurt Roeckx
On 2015-10-01 11:05, Gervase Markham wrote: On 01/10/15 02:43, Brian Smith wrote: Perhaps nobody's is, and the whole idea of using publicly-trusted CAs for code signing and email certs is flawed and so nobody should do this. I think we should divide code-signing and email here. I can see how o

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-10-01 Thread Gervase Markham
On 01/10/15 02:43, Brian Smith wrote: > Perhaps nobody's is, and the whole idea of using publicly-trusted CAs for > code signing and email certs is flawed and so nobody should do this. I think we should divide code-signing and email here. I can see how one might make an argument that using Mozilla

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-30 Thread Matt Palmer
[I'm specifically only responding in the context of code signing certificates; that is what this thread is about, and the issues for the two types of certificates are separate and should remain so] On Thu, Oct 01, 2015 at 01:11:05AM +, kirk_h...@trendmicro.com wrote: > The Mozilla NSS root sto

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-30 Thread Brian Smith
On Wed, Sep 30, 2015 at 3:11 PM, kirk_h...@trendmicro.com < kirk_h...@trendmicro.com> wrote: > The Mozilla NSS root store is used by some well-known applications as > discussed, but also by many unknown applications. If the trust bits are > removed, CAs who issue code signing or email certs may f

Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-30 Thread kirk_h...@trendmicro.com
I checked with our team, and we think it would be a mistake for Mozilla to remove the trust bits for either code signing or email certs. The Mozilla NSS root store is used by some well-known applications as discussed, but also by many unknown applications. If the trust bits are removed, CAs wh

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-25 Thread Gervase Markham
On 24/09/15 16:53, Richard Wang wrote: > I think FireFox plugin XPI need to be signed, this is the usage. That is no longer the case. Gerv

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-24 Thread Richard Barnes
Sent from my iPhone. Please excuse brevity. > On Sep 24, 2015, at 08:56, Richard Wang wrote: > > I think FireFox plugin XPI need to be signed, this is the usage. Those are signed with a specific Mozilla-owned authority, which is independent of the root program. XPI signing does not rely on the

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-24 Thread Richard Wang
I think FireFox plugin XPI need to be signed, this is the usage. Regards, Richard > On Sep 24, 2015, at 20:53, Gervase Markham wrote: > >> On 24/09/15 02:58, Peter Kurrasch wrote: >> I suppose my comment was not as clear as I intended but, yes, I think >> Mozilla's commitment to openness is a

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-24 Thread Kathleen Wilson
On 9/24/15 6:07 AM, Peter Bachman wrote: When the thread starts on the separate S/MIME policy update thread let me know, I work on a project that relies on S/MIME for transferring medical files and want to keep open the FOSS component of that. While that project has a strong server reference i

Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-24 Thread Peter Bachman
When the thread starts on the separate S/MIME policy update thread let me know, I work on a project that relies on S/MIME for transferring medical files and want to keep open the FOSS component of that. While that project has a strong server reference implementation, the private keys are held at

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-24 Thread Gervase Markham
On 24/09/15 02:58, Peter Kurrasch wrote: > I suppose my comment was not as clear as I intended but, yes, I think > Mozilla's commitment to openness is a reason to keep the code sign bit > and continue to review CA inclusion requests for their code signing > roots. I'm not aware of another organizat

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-23 Thread Peter Kurrasch
I suppose my comment was not as clear as I intended but, yes, I think Mozilla's commitment to openness is a reason to keep the code sign bit and continue to review CA inclusion requests for their code signing root

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-21 Thread Kathleen Wilson
On 9/18/15 5:48 AM, Peter Kurrasch wrote: Hi Kathleen, This summary looks pretty good. I think you could add the point raised by Man Ho which essentially asks the question of who should/can/will evaluate the trustworthiness of root certs. There are pros and cons either way on that one. One la

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-18 Thread Peter Kurrasch
ember 17, 2015 6:26 PM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Policy Update Proposal: Remove Code Signing Trust Bit Thanks to all of you for your thoughtful and constructive input in this discussion. Here is a summary of this discussion so far. Proposal: Remove refere

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-17 Thread Kathleen Wilson
Thanks to all of you for your thoughtful and constructive input in this discussion. Here is a summary of this discussion so far. Proposal: Remove references to code signing from Mozilla's CA Certificate Policy, then turn off all Code Signing trust bits for root certificates included in the NS

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-17 Thread Kathleen Wilson
On 9/16/15 8:53 PM, David E. Ross wrote: On 9/15/2015 8:51 AM, Kathleen Wilson wrote [in part]: Yes. My plan is to publish the DRAFT of version 2.3 of the policy and list the changes, and then send a CA Communication to be sure they are all aware of the proposed changes and give them time to re

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-16 Thread David E. Ross
On 9/15/2015 8:51 AM, Kathleen Wilson wrote [in part]: > Yes. My plan is to publish the DRAFT of version 2.3 of the policy and > list the changes, and then send a CA Communication to be sure they are > all aware of the proposed changes and give them time to respond. So, it > is very possible th

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-16 Thread Man Ho (Certizen)
On 9/17/2015 10:26 AM, Peter Kurrasch wrote: > As a counter example, consider that some in-car entertainment systems > offer (or want to offer) "downloadable app" capabilities. Obviously, Mozilla's position is that it should be the car manufacturer's responsibility to maintain their own trust lis

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-16 Thread Peter Kurrasch
It sounds as though the decision has been made, then: the code sign trust bit is out as are the pertinent certs. With Gerv giving a repeated "best regards" to the BR I don't think any other conclusion could be dr

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-15 Thread R Kent James
On 9/14/2015 9:47 AM, Kathleen Wilson wrote: Anyways, let's not discuss the Email trust bit in this particular discussion thread. I would like to keep this particular discussion focused on the policy proposal to remove the Code Signing trust bit. We will have a separate discussion about the Emai

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-15 Thread Kathleen Wilson
On 9/15/15 5:42 AM, Peter Kurrasch wrote: So is Mozilla becoming, in effect, just a browser company? If email is de-prioritized and code signing is on life support, that would be good to know before getting too bogged down with issues that aren't necessarily important to Mozilla. I'm just try

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-15 Thread Peter Kurrasch
So is Mozilla becoming, in effect, just a browser company? If email is de-prioritized and code signing is on life support, that would be good to know before getting too bogged down with issues that aren't necessarily important to Mozilla. I'm just trying to understand where the boundaries are.

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-14 Thread Kathleen Wilson
On 9/11/15 10:55 AM, Brian Smith wrote: The same argument applies to email. Nobody wants to admit that Thunderbird is dead, it is uncomfortable to know that the S/MIME handling in Thunderbird has been unmaintained for at least half a decade, and it's a little embarrassing to admit that the model

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-11 Thread Brian Smith
On Thu, Sep 10, 2015 at 1:20 PM, Kathleen Wilson wrote: > Proposal for version 2.3 of Mozilla's CA Certificate Policy: > > Remove the code signing trust bit. > > If this proposal is accepted, then there would be follow-up action items > that would need to happen after version 2.3 of the policy is

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-11 Thread Kurt Roeckx
On Thu, Sep 10, 2015 at 01:20:02PM -0700, Kathleen Wilson wrote: > Proposal for version 2.3 of Mozilla's CA Certificate Policy: > > Remove the code signing trust bit. > > If this proposal is accepted, then there would be follow-up action items > that would need to happen after version 2.3 of the

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-10 Thread Matt Palmer
On Fri, Sep 11, 2015 at 06:56:49AM +0300, Moudrick M. Dadashov wrote: > On 9/11/2015 3:23 AM, Peter Bowen wrote: > >On Thu, Sep 10, 2015 at 3:54 PM, Peter Kurrasch wrote: > >>It should be understood that code signing is very important in the > >>embedded space--just ask Tesla or Jeep/Chrysler or N

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-10 Thread Moudrick M. Dadashov
On 9/11/2015 3:23 AM, Peter Bowen wrote: On Thu, Sep 10, 2015 at 3:54 PM, Peter Kurrasch wrote: It seems to me that the benefits of this proposed change are minimal while the negative impacts to embedded systems are significant. Perhaps I've missed something? It should be understood that cod

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-10 Thread Matt Palmer
On Thu, Sep 10, 2015 at 05:54:22PM -0500, Peter Kurrasch wrote: >It should be understood that code signing is very important in the >embedded space--just ask Tesla or Jeep/Chrysler or Nest or other IoT >product developers. If we accept that premise, the question immediately >becomes

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-10 Thread Peter Bowen
On Thu, Sep 10, 2015 at 3:54 PM, Peter Kurrasch wrote: > It seems to me that the benefits of this proposed change are minimal while > the negative impacts to embedded systems are significant. Perhaps I've > missed something? > > It should be understood that code signing is very important in the

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-10 Thread Peter Kurrasch
It seems to me that the benefits of this proposed change are minimal while the negative impacts to embedded systems are significant. Perhaps I've missed something? It should be understood that code signing is ver

Re: Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-10 Thread David E. Ross
On 9/10/2015 1:20 PM, Kathleen Wilson wrote [in part]: > Proposal for version 2.3 of Mozilla's CA Certificate Policy: > > Remove the code signing trust bit. > > If this proposal is accepted, then there would be follow-up action items > that would need to happen after version 2.3 of the policy is

Policy Update Proposal: Remove Code Signing Trust Bit

2015-09-10 Thread Kathleen Wilson
Proposal for version 2.3 of Mozilla's CA Certificate Policy: Remove the code signing trust bit. If this proposal is accepted, then there would be follow-up action items that would need to happen after version 2.3 of the policy is published: 1) Remove any root certificates that do not have the W