Re: Policy 2.5 Proposal: Remove the bullet about "fraudulent use"

2017-05-04 Thread Jakob Bohm via dev-security-policy
the entity controlling exampLe.com. And vice versa. Note that "High Risk Certificate Requests" can still be fulfilled, they just require extra checks of their legitimacy, as per BR 4.2.1. *From: *Gervase Markham *Sent: *Tuesday, May 2, 2017 5:46 AM *To: *Peter Kurrasch; mozilla-d

Re: Policy 2.5 Proposal: Remove the bullet about "fraudulent use"

2017-05-03 Thread Gervase Markham via dev-security-policy
On 03/05/17 16:45, Peter Kurrasch wrote: > Perhaps a different way to pose the questions here is whether Mozilla > wants to place any expectations on the CA's regarding fraud and the > prevention thereof. You need to be more specific, because there are lots of different ways a system can have

Re: Policy 2.5 Proposal: Remove the bullet about "fraudulent use"

2017-05-03 Thread Peter Kurrasch via dev-security-policy
From: Gervase MarkhamSent: Tuesday, May 2, 2017 5:46 AMTo: Peter Kurrasch; mozilla-dev-security-pol...@lists.mozilla.orgSubject: Re: Policy 2.5 Proposal: Remove the bullet about "fra

Re: Policy 2.5 Proposal: Remove the bullet about "fraudulent use"

2017-05-02 Thread 袁剑波 via dev-security-policy
thanks 发自网易邮箱大师 在2017年05月03日 10:15,Jakob Bohm via dev-security-policy 写道: On 02/05/2017 12:46, Gervase Markham wrote: > On 02/05/17 01:55, Peter Kurrasch wrote: >> I was thinking that fraud takes many forms generally speaking and that >> the PKI space is no different. Given that Mozilla (and

Re: Policy 2.5 Proposal: Remove the bullet about "fraudulent use"

2017-05-02 Thread Gervase Markham via dev-security-policy
On 02/05/17 01:55, Peter Kurrasch wrote: > I was thinking that fraud takes many forms generally speaking and that > the PKI space is no different. Given that Mozilla (and everyone else) > work very hard to preserve the integrity of the global PKI and that the > PKI itself is an important tool to

Re: Policy 2.5 Proposal: Remove the bullet about "fraudulent use"

2017-05-01 Thread Peter Kurrasch via dev-security-policy
:49 AMTo: Peter Kurrasch; mozilla-dev-security-pol...@lists.mozilla.orgSubject: Re: Policy 2.5 Proposal: Remove the bullet about "fraudulent use"On 01/05/17 16:28, Peter Kurrasch wrote:> Gerv, does this leave the Mozilla policy with no position statement regarding fraud in the global PK

Re: Policy 2.5 Proposal: Remove the bullet about "fraudulent use"

2017-05-01 Thread Gervase Markham via dev-security-policy
On 01/05/17 16:28, Peter Kurrasch wrote: > Gerv, does this leave the Mozilla policy with no position statement regarding > fraud in the global PKI? What do you mean by "in"? Gerv ___ dev-security-policy mailing list

Re: Policy 2.5 Proposal: Remove the bullet about "fraudulent use"

2017-05-01 Thread Peter Kurrasch via dev-security-policy
: Policy 2.5 Proposal: Remove the bullet about "fraudulent use" On 20/04/17 14:39, Gervase Markham wrote: > So I propose removing it, and reformatting the section accordingly. Edit made as proposed. Gerv ___ dev-security-policy mailing list

Re: Policy 2.5 Proposal: Remove the bullet about "fraudulent use"

2017-05-01 Thread Gervase Markham via dev-security-policy
On 20/04/17 14:39, Gervase Markham wrote: > So I propose removing it, and reformatting the section accordingly. Edit made as proposed. Gerv ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org

Re: Policy 2.5 Proposal: Remove the bullet about "fraudulent use"

2017-04-21 Thread Eric Mill via dev-security-policy
I strongly support removing any ambiguity about CAs not being required to police certificate issuance, and agree on the unuseful level of subjectivity that would be present in any attempt to enforce this clause. -- Eric On Thu, Apr 20, 2017 at 7:11 PM, Matt Palmer via dev-security-policy <

Re: Policy 2.5 Proposal: Remove the bullet about "fraudulent use"

2017-04-20 Thread Matt Palmer via dev-security-policy
On Thu, Apr 20, 2017 at 02:39:12PM +0100, Gervase Markham via dev-security-policy wrote: > So I propose removing it, and reformatting the section accordingly. Do t. Do t nw! (That's me strongly agreeing with the proposal, in case my faux-Ren accent is impenetrable) - Matt

Re: Policy 2.5 Proposal: Remove the bullet about "fraudulent use"

2017-04-20 Thread Ryan Sleevi via dev-security-policy
+1 to what sounds like a perfectly reasonable position ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy