On 13/04/2018 19:18, Ryan Sleevi wrote:
On Fri, Apr 13, 2018 at 1:13 PM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
Possible outcomes of such an investigation:
1. That CA does not consider paypal to be a high risk name. This is
within their right, th
I'm saying it's the most reasonable interpretation of what happened, as
it assumes that no party acted maliciously.
On 13/04/2018 18:41, Alex Gaynor wrote:
Are you saying that's what actually happened, or that we should all pretend
that's what happened?
Because I don't believe anyone from GoDad
On Mon, Apr 16, 2018 at 3:22 PM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> If that CA has a practice that they actually do something about high
> risk names, it would still be expected (in the normal, not legal,
> sense of the word) for that CA to includ
To close out this discussion, I've gone ahead with the proposed change,
including the addition of the requirement that the English language version
of the audit statement be an authoritative version:
https://github.com/mozilla/pkipolicy/commit/e4cc785367350a46fc839639a28a92bd17d542e3
- Wayne
On
The proposed language includes the requirement for compliance with both the
BRs and Mozilla policy, so it's a better fit for the section of our policy
titled "Inclusions" than the section titled "Baseline Requirements
Conformance". To close out this discussion, I added the proposed language
to sect
I will consider this issue to be resolved by the change I made for issue
113:
https://github.com/mozilla/pkipolicy/commit/55929f58da98a7af08fbf4bc2eb4537991de481b
- Wayne
On Wed, Apr 4, 2018 at 2:31 PM, Wayne Thayer wrote:
> Last year we held a discussion on this topic [1] that concluded as fo
On Wed, Apr 11, 2018 at 3:49 PM, Wayne Thayer wrote:
> As an alternative to requiring newly-issued subCA Certificates to be
> listed in the relevant CP/CPS prior to issuing certificates, would it be
> reasonable for Mozilla to require the Certificate Policies extension in
> these certificates to
On Tue, Apr 10, 2018 at 7:22 AM, Jürgen Brauckmann via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
>
> On 10.04.2018 at 01:10, Wayne Thayer via dev-security-policy wrote:
>
>> Getting back to the earlier question about email certificates, I am now of
>> the opinion that
On 17/04/2018 00:13, Ryan Sleevi wrote:
On Mon, Apr 16, 2018 at 3:22 PM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
If that CA has a practice that they actually do something about high
risk names, it would still be expected (in the normal, not legal,
sens
9 matches