xt of the original question.
>
> Given this, and the fact that I believe it is in everyone's best interest
> to resolve the current ambiguity over Mozilla's policy on logotypes, I
> again propose to add logotype extensions to our Forbidden Practices[1], as
> follows:
>
&g
o trigger that clause. This seems
like a much more difficult problem to solve, and one that doesn't need to
be addressed in the context of the original question.
Given this, and the fact that I believe it is in everyone's best interest
to resolve the current ambiguity over Mozilla
icy
> On Behalf Of Ryan Sleevi via dev-security-policy
> Sent: Friday, July 12, 2019 3:01 PM
> To: Doug Beattie
> Cc: mozilla-dev-security-policy <
> mozilla-dev-security-pol...@lists.mozilla.org>; Wayne Thayer <
> wtha...@mozilla.com>
> Subject: Re: Logotype exte
is is not true, then issuance is permitted under
the current policy.
-Original Message-
From: dev-security-policy On
Behalf Of Ryan Sleevi via dev-security-policy
Sent: Friday, July 12, 2019 3:01 PM
To: Doug Beattie
Cc: mozilla-dev-security-policy
; Wayne Thayer
Subject: Re: Log
Alternatively:
There is zero reason these should be included in publicly trusted certs
used for TLS, and ample harm. It is not necessary nor essential to securing
TLS, and that should remain the utmost priority.
CAs that wish to issue such certificates can do so from alternate
hierarchies. There
ation
method).
Doug
-Original Message-
From: dev-security-policy On
Behalf Of Phillip Hallam-Baker via dev-security-policy
Sent: Thursday, July 11, 2019 11:53 PM
To: Wayne Thayer
Cc: mozilla-dev-security-policy
; hous...@vigilsec.com
Subject: Re: Logotype extensions
On Thu, Jul 11, 2019 at
On Thu, Jul 11, 2019 at 12:19 PM Wayne Thayer wrote:
> On Wed, Jul 10, 2019 at 7:26 PM Phillip Hallam-Baker <
> ph...@hallambaker.com> wrote:
>
>> Because then the Mozilla ban will be used to prevent any work on
>> logotypes in CABForum and the lack of CABForum rules will be used as
>> pretext fo
e Thayer via dev-security-policy <
>>> dev-security-policy@lists.mozilla.org> wrote:
>>>
>>>> Russ,
>>>>
>>>> >
>>>> Perhaps one of us is confused because I think we're saying the same
>>>> thing -
>>>
[Fixing the From to match list membership]
On Wed, Jul 10, 2019 at 2:41 PM housley--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Friday, July 5, 2019 at 7:53:45 PM UTC-4, Wayne Thayer wrote:
> > Based on this discussion, I propose adding the following statement t
On Wed, Jul 10, 2019 at 4:54 PM Wayne Thayer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Russ,
>
> >
> Perhaps one of us is confused because I think we're saying the same thing -
> that rules around inclusion of Logotype extensions in pu
ozilla.org> wrote:
>>
>>> Russ,
>>>
>>> >
>>> Perhaps one of us is confused because I think we're saying the same
>>> thing -
>>> that rules around inclusion of Logotype extensions in publicly-trusted
>>> certs should b
ozilla.org> wrote:
>>
>>> Russ,
>>>
>>> >
>>> Perhaps one of us is confused because I think we're saying the same
>>> thing -
>>> that rules around inclusion of Logotype extensions in publicly-trusted
>>> certs should be in place before
27;re saying the same thing
>> -
>> that rules around inclusion of Logotype extensions in publicly-trusted
>> certs should be in place before CAs begin to use this extension.
>>
>
> I don't see how your proposed ban on logotypes is consistent. What that
> woul
On Wed, Jul 10, 2019 at 4:54 PM Wayne Thayer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Russ,
>
> >
> Perhaps one of us is confused because I think we're saying the same thing -
> that rules around inclusion of Logotype extensions in pu
> logo in the toolbar.
>
> I would suggest that a better way forward is to start the hard work on the
> validation process. It will not be difficult for that to become more
> robust and accessible than the logos in the toolbar.
>
>
Perhaps one of us is confused because I think we
On Wed, Jul 10, 2019 at 2:41 PM housley--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Friday, July 5, 2019 at 7:53:45 PM UTC-4, Wayne Thayer wrote:
> > Based on this discussion, I propose adding the following statement to the
> > Mozilla Forbidden Practices wiki p
On Wed, Jul 10, 2019 at 2:41 PM housley--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> People find logos very helpful. That is why many browsers display a tiny
> logo in the toolbar.
>
Are you talking the favicon? An attacker controlled resource which should
not be
On Friday, July 5, 2019 at 7:53:45 PM UTC-4, Wayne Thayer wrote:
> Based on this discussion, I propose adding the following statement to the
> Mozilla Forbidden Practices wiki page [1]:
>
> ** Logotype Extension **
> Due to the risk of misleading Relying Parties and the lack of defined
> validatio
y <
> dev-security-policy@lists.mozilla.org>
> Sent: Friday, July 5, 2019 5:53:24 PM
> To: mozilla-dev-security-policy
> Subject: Re: Logotype extensions
>
> Based on this discussion, I propose adding the following statement to the
> Mozilla Forbidden Practices wiki page [1]
3:24 PM
To: mozilla-dev-security-policy
Subject: Re: Logotype extensions
Based on this discussion, I propose adding the following statement to the
Mozilla Forbidden Practices wiki page [1]:
** Logotype Extension **
Due to the risk of misleading Relying Parties and the lack of defined
validation sta
Based on this discussion, I propose adding the following statement to the
Mozilla Forbidden Practices wiki page [1]:
** Logotype Extension **
Due to the risk of misleading Relying Parties and the lack of defined
validation standards for information contained in this field, as discussed
here [2], C
On 14/06/2019 18:54, Ryan Sleevi wrote:
> On Fri, Jun 14, 2019 at 4:12 PM Jakob Bohm via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> In such a case, there are two obvious solutions:
>>
>> A. Trademark owner (prompted by applicant) provides CA with an official
>>
ion. Given that validation for trademarks/Logotype extensions is not
specified anywhere in the BRs or EV Guidelines, there is no such language
allowing the use of trademark data obtained from PSA companies in certificates.
Additionally, as Ryan alluded to, it is reasonable to interpret the defin
CAs already have rules allowing a Parent, Subsidiary, or Affiliate (all defined
terms) to obtain certs for domains owned by each other - so Alphabet-Google,
for example, can get certs for domains owned by each other. So we would use
the same rules to make certain the registered trademark owner
On Fri, Jun 14, 2019 at 4:12 PM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> In such a case, there are two obvious solutions:
>
> A. Trademark owner (prompted by applicant) provides CA with an official
>permission letter stating that Applicant is explici
On 14/06/2019 04:16, Corey Bonnell wrote:
On Thursday, June 13, 2019 at 2:04:48 AM UTC-4, kirkhal...@gmail.com wrote:
On Tuesday, June 11, 2019 at 2:49:31 PM UTC+3, Jeremy Rowley wrote:
We wanted to experiment a bit with logotype extensions and trademarks, but
we heard from the CAB Forum that
On Thu, Jun 13, 2019 at 2:04 AM kirkhalloregon--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Jeremy is correct - including strongly verified registered trademarks via
> extensions in EV certs is permitted (i.e., not forbidden) by BR Section
> 7.1.2.4.
It's unclear
On Tuesday, June 11, 2019 at 2:49:31 PM UTC+3, Jeremy Rowley wrote:
> We wanted to experiment a bit with logotype extensions and trademarks, but
> we heard from the CAB Forum that whether inclusion is allowed is subject a
> bit to interpretation by the browsers.
>
>
>
>
On Tuesday, June 11, 2019 at 2:49:31 PM UTC+3, Jeremy Rowley wrote:
> We wanted to experiment a bit with logotype extensions and trademarks, but
> we heard from the CAB Forum that whether inclusion is allowed is subject a
> bit to interpretation by the browsers.
>
>
>
>
I agree with Corey.
On Wed, Jun 12, 2019 at 4:28 AM Jeremy Rowley via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> That argument applies to every extension not expressly permitted by the
> BRs.
Yup. It definitely puts the onus on the CA to demonstrate how they're not
vi
-pol...@lists.mozilla.org
Subject: Re: Logotype extensions
On Tuesday, June 11, 2019 at 7:49:31 AM UTC-4, Jeremy Rowley wrote:
> We wanted to experiment a bit with logotype extensions and trademarks, but
> we heard from the CAB Forum that whether inclusion is allowed is subject a
&g
On Tuesday, June 11, 2019 at 7:49:31 AM UTC-4, Jeremy Rowley wrote:
> We wanted to experiment a bit with logotype extensions and trademarks, but
> we heard from the CAB Forum that whether inclusion is allowed is subject a
> bit to interpretation by the browsers.
>
>
>
>
We wanted to experiment a bit with logotype extensions and trademarks, but
we heard from the CAB Forum that whether inclusion is allowed is subject a
bit to interpretation by the browsers.
>From the BRs section 7.1.2.4
"All other fields and extensions MUST be set in accordance with
33 matches
Mail list logo