Re: Policy 2.6 Proposal: Require disclosure of S/MIME validation practices

2018-03-30 Thread Wayne Thayer via dev-security-policy
This change is made in the 2.6 branch:
https://github.com/mozilla/pkipolicy/commit/42ebde18794bc1690885bfdd4e3fb12e7c2c832b

We'll need to discuss a deadline for the CPS updates to be published.

- Wayne


On Mon, Mar 26, 2018 at 12:59 PM, Tim Hollebeek 
wrote:

> I like this one.
>
> It will be very useful as a starting point if we finally get a CABF S/MIME
> working
> group, which is likely to happen.
>
> -Tim
>
> > -Original Message-
> > From: dev-security-policy [mailto:dev-security-policy-
> > bounces+tim.hollebeek=digicert@lists.mozilla.org] On Behalf Of Wayne
> > Thayer via dev-security-policy
> > Sent: Monday, March 26, 2018 2:50 PM
> > To: mozilla-dev-security-policy
> 
> > Subject: Policy 2.6 Proposal: Require disclosure of S/MIME validation
> practices
> >
> > Mozilla policy section 2.2(2) requires validation of email addresses for
> S/MIME
> > certificates, but doesn't require disclosure of these practices as it
> does
> for TLS
> > certificates.
> >
> > I propose adding the following language from 2.2 (3) (TLS) to 2.2(2)
> > (S/MIME):
> >
> > The CA's CP/CPS must clearly specify the procedure(s) that the CA employs
> to
> > perform this verification.
> >
> > This is: https://github.com/mozilla/pkipolicy/issues/114
> >
> > ---
> >
> > This is a proposed update to Mozilla's root store policy for version 2.6.
> Please
> > keep discussion in this group rather than on GitHub. Silence is consent.
> >
> > Policy 2.5 (current version):
> > https://github.com/mozilla/pkipolicy/blob/2.5/rootstore/policy.md
> > ___
> > dev-security-policy mailing list
> > dev-security-policy@lists.mozilla.org
> > https://lists.mozilla.org/listinfo/dev-security-policy
>
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy


RE: Policy 2.6 Proposal: Require disclosure of S/MIME validation practices

2018-03-26 Thread Tim Hollebeek via dev-security-policy
I like this one.

It will be very useful as a starting point if we finally get a CABF S/MIME
working
group, which is likely to happen.

-Tim

> -Original Message-
> From: dev-security-policy [mailto:dev-security-policy-
> bounces+tim.hollebeek=digicert@lists.mozilla.org] On Behalf Of Wayne
> Thayer via dev-security-policy
> Sent: Monday, March 26, 2018 2:50 PM
> To: mozilla-dev-security-policy

> Subject: Policy 2.6 Proposal: Require disclosure of S/MIME validation
practices
> 
> Mozilla policy section 2.2(2) requires validation of email addresses for
S/MIME
> certificates, but doesn't require disclosure of these practices as it does
for TLS
> certificates.
> 
> I propose adding the following language from 2.2 (3) (TLS) to 2.2(2)
> (S/MIME):
> 
> The CA's CP/CPS must clearly specify the procedure(s) that the CA employs
to
> perform this verification.
> 
> This is: https://github.com/mozilla/pkipolicy/issues/114
> 
> ---
> 
> This is a proposed update to Mozilla's root store policy for version 2.6.
Please
> keep discussion in this group rather than on GitHub. Silence is consent.
> 
> Policy 2.5 (current version):
> https://github.com/mozilla/pkipolicy/blob/2.5/rootstore/policy.md
> ___
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy


smime.p7s
Description: S/MIME cryptographic signature
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy