All,
The responses to Mozilla's April 2017 CA Communication are being published here:
https://wiki.mozilla.org/CA:Communications#April_2017_Responses
Reminder:
I have postponed the response deadline to May 5, and I made a note of that here:
https://wiki.mozilla.org/CA:Communications#April_2017
Hi Ryan--To your first comment, I'm afraid I won't have the time to take a closer look at the discussion on 3.2.2.4. Hopefully a path from single domain to unlimited domains exists (or will). It makes sense to me
On Wed, Apr 26, 2017 at 3:17 PM, Peter Kurrasch wrote:
> Hi Ryan--
>
> To your first comment, I'm afraid I won't have the time to take a closer
> look at the discussion on 3.2.2.4. Hopefully a path from single domain to
> unlimited domains exists (or will). It makes sense to me (without fully
> c
I think this is getting weird.
At first (some other thread) it gets explained that e.g. LetsEncrypt does not
do anything beyond domain validation and possibly on notification take down a
few certificates of phishing site. And that was "... all OK because we want SSL
to be used everywhere, and
On 25/04/17 23:50, Ryan Sleevi via dev-security-policy wrote:
Continuing to look through the audits, I happened to notice a few other
things that stood out, some more pressing than others.
More pressing:
I can find no disclosure with Salesforce or crt.sh of at least two CAs that
are listed 'in s
On Wed, Apr 26, 2017 at 4:02 PM, okaphone.elektronika--- via
dev-security-policy wrote:
> I think this is getting weird.
>
> At first (some other thread) it gets explained that e.g. LetsEncrypt does
> not do anything beyond domain validation and possibly on notification take
> down a few certifi
On Wednesday, 26 April 2017 22:43:19 UTC+2, Ryan Sleevi wrote:
> On Wed, Apr 26, 2017 at 4:02 PM, okaphone.elektronika wrote:
>
> > I think this is getting weird.
> >
> > At first (some other thread) it gets explained that e.g. LetsEncrypt does
> > not do anything beyond domain validation and po
The Bugzilla Product/Components for CA Program bugs have been changed.
All of the CA Program bugs are now in the NSS Product group in Bugzilla.
The NSS Product group in Bugzilla now has the following Components:
Build
CA Certificate Mis-Issuance
CA Certificate Root Program
CA Certificates Code
Do
On Wed, Apr 26, 2017 at 5:17 PM, okaphone.elektronika--- via
dev-security-policy wrote:
>
> If this is about the possible consequences of compromise, then I'd say you
> should try to address that. But please do come up with something that still
> allows for enough flexibility, so I can arrange the H
Status Update:
We are still scanning our database to discover all certificates containing
incorrect data. So far, the count is at 1510. The issues fall into two
categories: 1) a failure to properly convey that BRs prohibit inclusion of meta
data (BR 7.1.4.2.2.j) and 2) auto-population of data
All,
As many of you know, Aaron Wu has been doing the Information Verification[1]
for root inclusion/update requests, has helped me organize the CA Program
Bugzilla Bugs[2], and continues to expand in his role in helping with Mozilla's
CA Certificates Module[3].
I have asked Aaron to begin op
> -Original Message-
> From: dev-security-policy [mailto:dev-security-policy-
> bounces+steve_medin=symantec@lists.mozilla.org] On Behalf Of
> Gervase Markham via dev-security-policy
> Sent: Friday, April 21, 2017 6:17 AM
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Sy
On Thursday, 27 April 2017 00:42:20 UTC+2, Ryan Sleevi wrote:
> On Wed, Apr 26, 2017 at 5:17 PM, okaphone.elektronika--- via
> dev-security-policy wrote:
> >
> > If this is about the possible consequences of compromise, then I'd say you
> > should try to address that. But please do come up with som