On Mon, Jan 7, 2019 at 6:05 AM Rob Stradling wrote:
> On 02/01/2019 22:40, Wayne Thayer via dev-security-policy wrote:
>
> > Yes, the idea is that CT could remove the need to enforce intermediate
> > disclosures via policy.
>
> Hi Wayne. That seems at odds with (my understanding of) the purpose
On 02/01/2019 14:10, Rob Stradling via dev-security-policy wrote:
> On 02/01/2019 13:44, info--- via dev-security-policy wrote:
>> We're reviewing what happened with this subCA, because it's reported to the
>> CCADB (like all other subCAs). At the moment we've seen that there are two
>> differen
On 02/01/2019 22:40, Wayne Thayer via dev-security-policy wrote:
> Yes, the idea is that CT could remove the need to enforce intermediate
> disclosures via policy.
Hi Wayne. That seems at odds with (my understanding of) the purpose of
the disclosure requirement.
The relevant phrase in the Mozi
On 03/01/2019 16:46, Kurt Roeckx wrote:
On 2019-01-03 16:25, Jakob Bohm wrote:
There is the date fields in the SubCA certificate itself, as well as any
embedded CT data (assuming the parent CA is correctly CT-logged).
Do you expect precertificates for CA certificates?
I currently don't know i
On 2019-01-03 16:25, Jakob Bohm wrote:
There is the date fields in the SubCA certificate itself, as well as any
embedded CT data (assuming the parent CA is correctly CT-logged).
Do you expect precertificates for CA certificates?
I currently don't know if there are any requirements for logging
On 02/01/2019 23:40, Wayne Thayer wrote:
> On Wed, Jan 2, 2019 at 11:32 AM Jakob Bohm via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> On 02/01/2019 17:17, Wayne Thayer wrote:
>>> The options to consider are:
>>> 1. Continue with current policy of treating non-disclos
On Wed, Jan 2, 2019 at 11:32 AM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 02/01/2019 17:17, Wayne Thayer wrote:
> > The options to consider are:
> > 1. Continue with current policy of treating non-disclosure of
> unconstrained
> > intermediates as an i
On Wed, Jan 2, 2019 at 1:32 PM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> > 2. Change our policy to state that any undisclosed intermediate we
> discover
> > will be immediately and permanently added to OneCRL.
>
> This needs adding some logical criteria,
On 02/01/2019 17:17, Wayne Thayer wrote:
On Wed, Jan 2, 2019 at 7:10 AM Rob Stradling via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
On 02/01/2019 13:44, info--- via dev-security-policy wrote:
El miércoles, 2 de enero de 2019, 12:49:52 (UTC+1), Rob Stradling
escribió:
On Wed, Jan 2, 2019 at 11:18 AM Wayne Thayer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> The options to consider are:
> 1. Continue with current policy of treating non-disclosure of unconstrained
> intermediates as an incident. This could eventually lead to having the
On Wed, Jan 2, 2019 at 7:10 AM Rob Stradling via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 02/01/2019 13:44, info--- via dev-security-policy wrote:
> > El miércoles, 2 de enero de 2019, 12:49:52 (UTC+1), Rob Stradling
> escribió:
> >> On 09/10/2018 23:53, Wayne Thaye
On 02/01/2019 13:44, info--- via dev-security-policy wrote:
> El miércoles, 2 de enero de 2019, 12:49:52 (UTC+1), Rob Stradling escribió:
>> On 09/10/2018 23:53, Wayne Thayer wrote:
>>> On Tue, Oct 9, 2018 at 3:43 AM Rob Stradling wrote:
>>> Wayne, Kathleen:
>>> Given the number of times
El miércoles, 2 de enero de 2019, 12:49:52 (UTC+1), Rob Stradling escribió:
> On 09/10/2018 23:53, Wayne Thayer wrote:
> > On Tue, Oct 9, 2018 at 3:43 AM Rob Stradling wrote:
> > Wayne, Kathleen:
> > Given the number of times that all the CAs in Mozilla's Root Program
> > have been rem
On 09/10/2018 23:53, Wayne Thayer wrote:
> On Tue, Oct 9, 2018 at 3:43 AM Rob Stradling wrote:
> Wayne, Kathleen:
> Given the number of times that all the CAs in Mozilla's Root Program
> have been reminded about Mozilla's requirements for disclosing
> intermediate certs, I wouldn't
On 09/10/2018 23:53, Wayne Thayer wrote:
> - DigiCert
>
> Looks like DigiCert disclosed these within a few hours of your email.
Yes, but I hope that DigiCert will provide an incident report so that we
can understand why DigiCert's "processes in place to ensure that these
requirements a
Thank you Rob.
On Tue, Oct 9, 2018 at 3:43 AM Rob Stradling via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> "ACTION 6" of Mozilla's September 2018 CA Communication [1] reminded CAs
> of the Mozilla Root Store Policy requirement [2] that
> non-technically-constrained inte
[ Please reply to list, Mozilla NNTP<->mail gateway seems to insert
wrong Reply-To ]
Telia is a notable case as this seems to be a brand new Intermediary
created but not disclosed 1 month ago.
On 09/10/2018 12:43, Rob Stradling wrote:
"ACTION 6" of Mozilla's September 2018 CA Communication [1]
[ Please reply to list, Mozilla NNTP<->mail gateway seems to insert
wrong Reply-To ]
It appears from the data that SwissSign has reacted to the requirement
by starting to log some of their existing intermediaries in CT, instead
of in CCADB. At least at a cursory glance.
On 09/10/2018 12:43, Rob
"ACTION 6" of Mozilla's September 2018 CA Communication [1] reminded CAs
of the Mozilla Root Store Policy requirement [2] that
non-technically-constrained intermediate CA certificates...
"MUST be publicly disclosed in the CCADB by the CA that has their
certificate included in Mozilla's roo
19 matches
Mail list logo