RE: [EXT] Symantec: Draft Proposal

2017-05-15 Thread Steve Medin via dev-security-policy
zilla.org>; mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: [EXT] Symantec: Draft Proposal To ask a substantive question, you have asserted that all certificates issued have been logged to CT; this Symantec CA currently has no publicly logged issued certificates: https://cr

Re: [EXT] Symantec: Draft Proposal

2017-05-05 Thread Gervase Markham via dev-security-policy
On 05/05/17 04:30, Steve Medin wrote: > Gerv, thank you for your draft proposal under consideration. We have posted > our comments and detailed information at: > https://www.symantec.com/connect/blogs/symantec-ca-continues-public-dialogue It feels somewhat strange to have this disjointed

Re: [EXT] Symantec: Draft Proposal

2017-05-05 Thread Alex Gaynor via dev-security-policy
It is clear to me from reading this that there is a significant gap between Symantec's perspective on the severity of the issues discussed and the perspective of many m.d.s.p. participants. Hopefully this email will serve to highlight some specific areas that contribute to this gap, and which

Re: [EXT] Symantec: Draft Proposal

2017-05-05 Thread tmcqueen.old--- via dev-security-policy
Steve, I am glad to see that Symantec is willing to continue public discussion on possible paths forward. But these responses still seem to continue to focus on the RA issue, and do not respond to or address all of the other serious issues identified here. For example, issue Y (Q9) -- un- or

RE: [EXT] Symantec: Draft Proposal

2017-05-04 Thread Steve Medin via dev-security-policy
> -Original Message- > From: dev-security-policy [mailto:dev-security-policy- > bounces+steve_medin=symantec@lists.mozilla.org] On Behalf Of > Gervase Markham via dev-security-policy > Sent: Monday, May 01, 2017 10:16 AM > To: mozilla-dev-security-pol...@lists.mozilla.org > Subject:

Re: [EXT] Symantec: Draft Proposal

2017-05-02 Thread Gervase Markham via dev-security-policy
Hi Steve, On 02/05/17 18:39, Steve Medin wrote: > Gerv- Thank you for the thoughtful analysis. We are reviewing and intend to > respond to your latest proposal shortly. Please understand that this is not (yet) Mozilla's response to Symantec. If we were a closed root program, this would be an

RE: [EXT] Symantec: Draft Proposal

2017-05-02 Thread Steve Medin via dev-security-policy
Gerv- Thank you for the thoughtful analysis. We are reviewing and intend to respond to your latest proposal shortly. > -Original Message- > From: dev-security-policy [mailto:dev-security-policy- > bounces+steve_medin=symantec@lists.mozilla.org] On Behalf Of > Gervase Markham via