Re: Letter from US House of Representatives

2015-07-08 Thread Peter Bachman
On Tuesday, June 30, 2015 at 2:36:57 PM UTC-4, Richard Barnes wrote: > Dear dev.security.policy, > > I wanted to let you all know of some correspondence that happened recently I understand root certificate bundles that are managed by the browser either as part of the OS keybag, or software keyba

Re: Letter from US House of Representatives

2015-07-07 Thread Erwann Abalea
Hello, On Tuesday, 7 July 2015 03:02:48 UTC+2, Peter Bowen wrote: > Thinking about this from a technical perspective, rather than a > political one, this seems very similar to a user deciding to add > additional certificates to their trust store. I think the primary > differences are the nee

Re: Letter from US House of Representatives

2015-07-07 Thread Richard Barnes
Sent from my iPhone. Please excuse brevity. > On Jul 7, 2015, at 08:01, Peter Bowen wrote: > >> On Tue, Jul 7, 2015 at 7:51 AM, Richard Barnes wrote: >> To echo Gerv's point: How is the user supposed to evaluate whether to >> trust the EU list? > > I was not imagining a first-launch UI to choose,

Re: Letter from US House of Representatives

2015-07-07 Thread Peter Bowen
On Tue, Jul 7, 2015 at 7:51 AM, Richard Barnes wrote: > To echo Gerv's point: How is the user supposed to evaluate whether to > trust the EU list? I was not imagining a first-launch UI to choose, rather an option similar to what is available today for adding CAs. There is a special mime type that

Re: Letter from US House of Representatives

2015-07-07 Thread Richard Barnes
> [mailto:dev-security-policy-bounces+ben=digicert@lists.mozilla.org] On > Behalf Of Gervase Markham > Sent: Tuesday, July 7, 2015 6:13 AM > To: mozilla-dev-security-pol...@lists.mozilla.org > Subject: Re: Letter from US House of Representatives > >> On 06/07/15 17:4

RE: Letter from US House of Representatives

2015-07-07 Thread Ben Wilson
@lists.mozilla.org] On Behalf Of Gervase Markham Sent: Tuesday, July 7, 2015 6:13 AM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Letter from US House of Representatives On 06/07/15 17:44, Ben Wilson wrote: > Thanks. I realize/think that this would require a separate root > progra

Re: Letter from US House of Representatives

2015-07-07 Thread Gervase Markham
On 06/07/15 17:44, Ben Wilson wrote: > Thanks. I realize/think that this would require a separate root > program. If you think of it as a Venn diagram there would be Set A > and Set B. The user would then select A, B, A U B or A ∩ B. The trouble with this is that, while it makes sense to you

Re: Letter from US House of Representatives

2015-07-07 Thread Moudrick M. Dadashov
- From: dev-security-policy [mailto:dev-security-policy-bounces+richard=wosign@lists.mozilla.org] On Behalf Of Ben Wilson Sent: Tuesday, July 7, 2015 12:45 AM To: Gervase Markham; mozilla-dev-security-pol...@lists.mozilla.org Cc: Tom Ritter; Peter Kurrasch; Eric Mill; Richard Barnes Subject: RE:

Re: Letter from US House of Representatives

2015-07-07 Thread Kurt Roeckx
On 2015-07-06 16:34, Ben Wilson wrote: I was asked (by someone in the audience and not by anyone specifically representing EU governments) to relay a message that some European supervisory bodies would like browsers and OS providers to enable and support an additional trust list or trust store, s

Re: Letter from US House of Representatives

2015-07-07 Thread Rob Stradling
n Behalf Of Ben Wilson Sent: Tuesday, July 7, 2015 12:45 AM To: Gervase Markham; mozilla-dev-security-pol...@lists.mozilla.org Cc: Tom Ritter; Peter Kurrasch; Eric Mill; Richard Barnes Subject: RE: Letter from US House of Representatives Gerv, Thanks. I realize/think that this would require a s

Re: Letter from US House of Representatives

2015-07-06 Thread Peter Bowen
From: dev-security-policy > [mailto:dev-security-policy-bounces+richard=wosign@lists.mozilla.org] On > Behalf Of Ben Wilson > Sent: Tuesday, July 7, 2015 12:45 AM > To: Gervase Markham; mozilla-dev-security-pol...@lists.mozilla.org > Cc: Tom Ritter; Peter Kurrasch; Eric Mill;

RE: Letter from US House of Representatives

2015-07-06 Thread Richard Wang
Subject: RE: Letter from US House of Representatives Gerv, Thanks. I realize/think that this would require a separate root program. If you think of it as a Venn diagram there would be Set A and Set B. The user would then select A, B, A U B or A ∩ B. From a U.S. Government perspective, I have

RE: Letter from US House of Representatives

2015-07-06 Thread Ben Wilson
Ben -Original Message- From: Gervase Markham [mailto:g...@mozilla.org] Sent: Monday, July 6, 2015 10:29 AM To: Ben Wilson; mozilla-dev-security-pol...@lists.mozilla.org Cc: Eric Mill; Peter Kurrasch; Tom Ritter; Richard Barnes Subject: Re: Letter from US House of Representatives On 06/07/15

Re: Letter from US House of Representatives

2015-07-06 Thread Gervase Markham
On 06/07/15 15:34, Ben Wilson wrote: > =P7-TA-2014-0282> &language=EN&reference=P7-TA-2014-0282, I was asked (by > someone in the audience and not by anyone specifically representing EU > governments) to relay a message that some European supervisory bodies would > like browsers and OS providers to

RE: Letter from US House of Representatives

2015-07-06 Thread Ben Wilson
v-security-pol...@lists.mozilla.org Subject: Re: Letter from US House of Representatives On 30 June 2015 at 13:36, Richard Barnes <rbar...@mozilla.com> wrote: > Obviously, we can't change the letter now, but if you have any > thoughts or con

Re: Letter from US House of Representatives

2015-07-05 Thread Tom Ritter
On 30 June 2015 at 13:36, Richard Barnes wrote: > Obviously, we can't change the letter now, but if you have any thoughts or > concerns about this interaction, please feel free to reply in this thread. I guess I feel like there were a lot more things that could be put under #4. - I understand Moz

Re: Letter from US House of Representatives

2015-07-03 Thread Eric Mill
> As you know, the root store is a fixed component with the browser and the only way to change it is to update your browser. That may be true for Firefox, but I don't think that's universally true. I believe some browsers look to the underlying OS trust store, which can be updated separately from

Re: Letter from US House of Representatives

2015-07-03 Thread Peter Kurrasch
Thanks for sharing this correspondence, Richard. I'm not sure the committee fully appreciates the scope of the problem but it's good to see them make an effort. I was actually surprised that the committee seems to understand as much as they do so perhaps this will be just a first step in a proce