A response is now available in Bugzilla 1334377 and directly at:
https://bugzilla.mozilla.org/attachment.cgi?id=8836487
> -Original Message-
> From: Gervase Markham [mailto:g...@mozilla.org]
> Sent: Thursday, February 09, 2017 4:56 AM
> To: Steve Medin ; mozilla-dev-security-
> pol...@lis
On Sunday, 12 February 2017 15:28:26 UTC, Steve Medin wrote:
> A response is now available in Bugzilla 1334377 and directly at:
> https://bugzilla.mozilla.org/attachment.cgi?id=8836487
Thanks for these responses Steve,
I believe that Symantec's decision to terminate the RA Partner programme was
Though Nick's email implies the announcement, for the benefit of the list,
here's Symantec's introduction at the top of their response:
Based on our investigation of CrossCert, we have concerns due to (1)
demonstrated non-compliance with processes and controls, (2) assertions of
third party audito
Also relevant are Symantec's statements about two E&Y regional auditors.
One section describes contradictions from E&Y KR (Korea) in describing why
some CrossCert issuing CAs were not in scope:
• The list of CAs in the audit was produced by CrossCert and given to E&Y
KR as the scope to audit. It
Hi Steve,
I have a few questions:
1. What criteria is Symantec using to determine if a certificate has a
"deficiency" that warrants re-validation?
2. How will Symantec assess whether the domain(s) in a certificate were
correctly validated?
3. Is any of the information gathered by processing age
Gervase Markham via dev-security-policy
writes:
>Peter: you are going to have to re-summarise your question. And then, if you
>are asking why Mozilla code works in a certain way, mozilla.dev.security or
>mozilla.dev.tech.crypto are almost certainly far better venues.
Sure, no problem. I was ju
6 matches
Mail list logo
