Hi Kathleen,
I suggest being explicit about which CAA errata Mozilla allows.
For CNAME, it's erratum 5065.
For DNAME, it's erratum 5097.
Link to errata: https://www.rfc-editor.org/errata_search.php?rfc=6844
We don't want CAs to think they can follow any errata they like, or to
come up with
On 16.10.2017 19:32, Gervase Markham via dev-security-policy wrote:
>
> Here is Mozilla’s planned timeline for the graduated distrust of
> Symantec roots (subject to change):
>
> * January 2018 (Firefox 58): Notices in the Developer Console will warn
> about Symantec certificates issued before
All,
I will greatly appreciate your thoughtful and constructive feedback on the
DRAFT of Mozilla's next CA Communication, which I am hoping to send in early
November.
https://wiki.mozilla.org/CA/Communications#November_2017_CA_Communication
Direct link to the survey:
Some initial thoughts
1. I'm a bit confused by bullet #2 in the survey. Wasn't it already the
Mozilla policy that CAs could only use the blessed 10 methods of validation?
I thought this was communicated in the previous letter?
2. On bullet #3, I'm reading the wording to mean either 1) disclosed