a-dev-security-pol...@lists.mozilla.org
Subject: Re: Proposed policy change: require private pre-notification of 3rd
party subCAs
Ben, I think Gerv addressed Doug's concern and indicated that situation
wouldn't fall under this policy. If that's not accurate, it'd be worth an
on-list clarificatio
am <g...@mozilla.org>;
> mozilla-dev-security-pol...@lists.mozilla.org
> Subject: RE: Proposed policy change: require private pre-notification of
> 3rd
> party subCAs
>
> Gerv,
>
> I assume this applies equally to cross signing, but not to "Vanity" CAs
>
Markham <g...@mozilla.org>;
mozilla-dev-security-pol...@lists.mozilla.org
Subject: RE: Proposed policy change: require private pre-notification of 3rd
party subCAs
Gerv,
I assume this applies equally to cross signing, but not to "Vanity" CAs that
are set up and run by the
Hi Doug,
On 24/10/17 16:43, Doug Beattie wrote:
> I assume this applies equally to cross signing,
Yes.
> but not to "Vanity" CAs that are set up and run by the CA on behalf of a
> customer.
If you have physical control of the intermediate and control of
issuance, it doesn't apply.
Gerv
.beattie=globalsign@lists.mozilla.org] On Behalf Of
> Gervase Markham via dev-security-policy
> Sent: Tuesday, October 24, 2017 11:28 AM
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Proposed policy change: require private pre-notification of 3rd party
> subCAs
>
I think this would be of great benefit to the community.
1) It provides meaningful opportunity to ensure that the Mozilla-specific
program requirements are being met. The spate of misissuances discussed in
the past few months have revealed an unfortunately common trend of CAs not
staying aware of
One of the ways in which the number of organizations trusted to issue
for the WebPKI is extended is by an existing CA bestowing the power of
issuance upon a third party in the form of control of a
non-technically-constrained subCA. Examples of such are the Google and
Apple subCAs under GeoTrust,
7 matches
Mail list logo
