Re: Public disclosure of root ownership transfers (was: Re: Google Trust Services roots)

2017-02-13 Thread Gervase Markham via dev-security-policy
On 13/02/17 16:18, Peter Bowen wrote: > In addition to updating it to follow formal policy language, I would > suggest adding it directly to the policy. As it stands today there > are 79 pages in the wiki starting with "CA:". It simply isn't > possible to know which ones are effectively part of t

Re: Public disclosure of root ownership transfers (was: Re: Google Trust Services roots)

2017-02-13 Thread Peter Bowen via dev-security-policy
On Mon, Feb 13, 2017 at 4:14 AM, Gervase Markham via dev-security-policy wrote: > On 10/02/17 12:40, Inigo Barreira wrote: >> I see many "should" in this link. Basically those indicating "should notify >> Mozilla" and "should follow the physical relocation section". > > It may be that this documen

RE: Public disclosure of root ownership transfers (was: Re: Google Trust Services roots)

2017-02-13 Thread Inigo Barreira via dev-security-policy
Hi Inigo. On 10/02/17 12:40

Re: Public disclosure of root ownership transfers (was: Re: Google Trust Services roots)

2017-02-13 Thread Gervase Markham via dev-security-policy
Hi Inigo. On 10/02/17 12:40, Inigo Barreira wrote: > I see many "should" in this link. Basically those indicating "should notify > Mozilla" and "should follow the physical relocation section". It may be that this document does need redoing in formal policy language. In the mean time, anyone unce

RE: Public disclosure of root ownership transfers (was: Re: Google Trust Services roots)

2017-02-10 Thread Inigo Barreira via dev-security-policy
On 10/02/17 06:15, Richard Wang wrote: > I think Mozilla should have a very clear policy for: > (1) If a company that not a public trusted CA acquired a trusted root key, w

Re: Public disclosure of root ownership transfers (was: Re: Google Trust Services roots)

2017-02-10 Thread Gervase Markham via dev-security-policy
On 10/02/17 05:10, Peter Bowen wrote: > On Thu, Feb 9, 2017 at 7:41 AM, Gervase Markham via >> A) The date Google took control of the GlobalSign roots >> B) The date Google publicly announced GTS >> >> you will see there's quite a big delta. If you assume Google told >> Mozilla about event A) befor

Re: Public disclosure of root ownership transfers (was: Re: Google Trust Services roots)

2017-02-10 Thread Gervase Markham via dev-security-policy
On 10/02/17 06:15, Richard Wang wrote: > I think Mozilla should have a very clear policy for: > (1) If a company that not a public trusted CA acquired a trusted root key, > what the company must do? > (2) If a company is a public trusted CA that acquired a trusted root key, > what the company m

RE: Public disclosure of root ownership transfers (was: Re: Google Trust Services roots)

2017-02-09 Thread Richard Wang via dev-security-policy
On Thu, Feb 9, 2017 at 7:41 AM, Gervase Markham via dev-security-policy wrote

Re: Public disclosure of root ownership transfers (was: Re: Google Trust Services roots)

2017-02-09 Thread Peter Bowen via dev-security-policy
On Thu, Feb 9, 2017 at 7:41 AM, Gervase Markham via dev-security-policy wrote: > On 09/02/17 14:32, Gijs Kruitbosch wrote: >> Would Mozilla's root program consider changing this requirement so that >> it *does* require public disclosure, or are there convincing reasons not >> to? At first glance,

Re: Public disclosure of root ownership transfers (was: Re: Google Trust Services roots)

2017-02-09 Thread Gervase Markham via dev-security-policy
On 09/02/17 14:32, Gijs Kruitbosch wrote: > Would Mozilla's root program consider changing this requirement so that > it *does* require public disclosure, or are there convincing reasons not > to? At first glance, it seems like 'guiding' CAs towards additional > transparency in the CA market/indust