Thank you again,
On section 1 - we now added links to the current BR etc, and removed the
"annual" update so we are bound to update anytime a new version is released.
About the homograph spoofing - we have changed the section so now it tells it's
only automatic (because as you have pointed,
Thank you for your notes,
Here are the answers to your points.
all the "bad" points about the CPS were addressed:
Both CPS'es are changed to ver 4.1
section 1 states that we are addressing the *latest* BR
3.2.2.4 was corrected
the CPS'es in our site have been updated
I’m attaching the new CPS'es
Thank you for your notes,
Here are the answers to your points.
all the "bad" points about the CPS were addressed:
Both CPS's are now changed to ver 4.1
section 1 states that we are addressing the latest BR
3.2.2.4 was corrected
I'm also attaching the new CPS'es so you can review them
About the
Hi Wayne,
As requested I added the file with the certificates issued since 26/10/2014
until 31/03/2015 to the bug,
Back then it seems we didn’t have a WebTrust audit (I believe we started in
2015) but only external CPA and governmental audits as are attached already.
The reason we didn’t have
Hi Ryan,
I noticed that your notes refer to a previous version of the CPS and not the
current one
here is a link to the current version which is 4.1.
https://s3-us-west-2.amazonaws.com/comsign/CPS/CPS_4.1_eng.pdf
About the CA software – we are now under auditing for our new Microsoft CA and
Hi, thank you for pointing the above
Here is our response:
Section 1.3.2.5
We have corrected our CPS now that only limited actions could be performed by
DTP's
And they cannot perform domain validation.
Section 3.2.2.4
We are aware of the problems with the methods that have been raised, we
Hi Wayne,
responding to your notes:
Section 4.9 states that in any case that Comsign is notified about a
misissuance (no matter if it was notified by a subscriber or in any other way)
Comsign shall revoke the certificate.
It is true that we didn’t update the version number and we have
"For the handling of revocation requests by other than the Subscriber or
his/her representative, refer to Section 4.9 below."
> Cheers,
> Julien
>
> On Mon, Feb 5, 2018 at 4:23 PM, YairE via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
Hi Wayne,
Please realize our situation versus the Israeli market. We are the major
certificate authority and we comply with every piece of local regulation, we
are also members of international forums and trying to establish a CA in the UK
with a new "international" root (Comsign
Dear Ryan, with all due respect and we do respect you, back in 2016 all the
issues you mentioned were about the CPS and were corrected.
It took us a lot to create the documentation you've asked for.
There was no mentioning of any kind about our CA software or anything about the
root itself.
We
Dear Wayne
We do understand the issues raised and instead of addressing each one
separately we would give a shorter answer:
We do agree that mistakes were made with this rootCA and we understand your
hesitation.
We also believe that our current CPS state is well and that we made a lot of
Dear Ryan
We need to refer to the points you have raised regarding the ROOT KEY – we must
stress that the ROOT KEY and the ROOT CA are two different and separate
entities.
Whilst the ROOT CA does have some history the ROOT KEY was never (and shouldn’t
be) in question.
“I hope you can
Dear Wayne,
What is the decision on our matter?
Can we start the new Root process (new Certificate with new KeyPair and the new
CA software) and proceed the inclusion from this point later?
Our next steps will be to create all the above and disclose all the needed
audits as required by Mozilla
On Monday, January 22, 2018 at 9:32:13 PM UTC+2, Wayne Thayer wrote:
> Today I noticed the following ComSign response to question 6 [1] in
> Mozilla's November 2017 CA Communication:
>
> We are in the process of perfecting our CAA system. As far as I know we do
> > not have a devoted mailbox for
Hi Ryan, thanks for your reply
I'm afraid I didn't make my question clear enough or that I was missing
something in the link you sent to me
what I am asking is this:
in a subscriber certificate under subject
every CA I saw puts a CN=domain name
what I understand from the BR is that the best
Hi everyone,
I tried to dive into the best certificate structure and there are two things
that bother me:
In both the CA\B F BR and the EV guidelines it clearly states that the
SubjectCN is deprecated, so I learn from that that the best subscriber
certificate structure would simply not
16 matches