Re: Root Inclusion Completeness Checks

Currently, I am very busy working on the CCADB updates. Maybe I can provide something in January. Thanks for your patience. Ben On Thu, Dec 22, 2022 at 10:46 AM Kurt Seifried wrote: > Ping, any movement on this? > > On Mon, Dec 12, 2022 at 11:04 AM Ben Wilson wrote: > >>

Re: [EXTERNAL] Re: [elixir-core:11221] [proposal] Use patterns to filter data (good for pipes)

Apologies, I missed that you addressed how `{1, 2, 3} |> pattern_filter({1, a, b})` would work in your earlier reply, in that you only allow a single variable to be bound. This further reduces its general applicability. On Thursday, December 15, 2022 at 4:12:37 PM UTC-5 Ben Wilson wrote: &

Re: [EXTERNAL] Re: [elixir-core:11219] [proposal] Use patterns to filter data (good for pipes)

Hi Matt, I am not on the core team nor do I speak for them. From what I have generally seen, "alternative APIs" that can be implemented as libraries generally should just stay libraries, unless there develops a strong following that makes it clear that such an API should be moved into the

Re: Email requirements to speak on behalf of a CA on the list

All, Besides this, I think there might be a misunderstanding with some people that they have to use a Gmail account for the list because it is hosted using Google Groups. I hope we can get the word out that any email address should be able to subscribe to this list. Ben On Tuesday, December

Re: Root Inclusion Completeness Checks

Kurt, I'll see if there is anything I can provide that might be helpful. Ben On Mon, Dec 12, 2022 at 10:37 AM Kurt Seifried wrote: > Can you share/link the Mozilla processes for verifying these > documents/ownership/etc? > > On Mon, Dec 12, 2022 at 10:19 AM Ben Wilson wrote:

Root Inclusion Completeness Checks

do I > validate who owns the CA? HOW is the community supposed to accomplish these > things? > > > > On Mon, Dec 5, 2022 at 1:01 PM Ben Wilson wrote: > >> Hi Kurt, >> With regard to Mozilla's process, here is some helpful information: >> https://wiki.mozilla.o

Re: Policy 2.8.1: MRSP Issue #256: Requirement that Partitioned CRLs include an Issuing Distribution Point extension

cifies the CRL profile with details > that are not necessarily specific to CCADB. > > > > Thanks, > > Corey > > > > *From:* Ben Wilson > *Sent:* Wednesday, November 30, 2022 3:15 PM > *To:* Aaron Gable > *Cc:* Corey Bonnell ; dev-secur...@mozilla.org > ; And

Wiki Dashboards Down

All, This is just to let you know that we are aware that the wiki dashboards are not populating with data from Bugzilla. https://wiki.mozilla.org/CA/Dashboard https://wiki.mozilla.org/CA/Incident_Dashboard https://wiki.mozilla.org/CA/CCADB_Dashboard I've filed a bug to get this fixed. See

Re: Policy 2.8.1: MRSP Issue #256: Requirement that Partitioned CRLs include an Issuing Distribution Point extension

> That being said, I agree that your proposal is much more concise than the >> other proposals. If folks think my concern about explicitly enumerating >> allowances is unreasonable, then I think your language is fine. >> >> >> >> Thanks, >> >> Corey >

Public Discussion of BJCA's CA inclusion request

All, A six-week public discussion of BJCA's CA inclusion request has begun on the CCADB Public List: https://groups.google.com/a/ccadb.org/g/public/c/o9lbCbr92Ug/m/KJSSWiyWGQAJ Thanks, Ben -- You received this message because you are subscribed to the Google Groups

Changes to the Mozilla CA Inclusion Dashboard

All, I have posted a question to the CCADB Public List regarding changes to the Mozilla certificate change request dashboard ( https://wiki.mozilla.org/CA/Dashboard) - see https://groups.google.com/a/ccadb.org/g/public/c/X5_TIDhR8zQ/m/ykQYksYOGQAJ. Thanks, Ben -- You received this message

Re: KamuSM request to Expand to .tr ccTLD

> https://bugzilla.mozilla.org/show_bug.cgi?id=1262809#c33 >> The public discussion thread also indicates the same - >> https://groups.google.com/g/mozilla.dev.security.policy/c/vjXyml8Hy-E/m/5JUs8e3YDAAJ >> . >> Ben >> >> >> >> On Wed, Nov 2, 20

Re: Policy 2.8.1: Candidate Issues to Address in MRSP v. 2.8.1

00 PM UTC-7 bwi...@mozilla.com wrote: > >> There is a possible correction to my last post re: 365 days, which might >> change to 398 days - see my comment here - >> https://github.com/cabforum/servercert/issues/370#issuecomment-1113441809 >> . >> >> On Mon,

Re: New whiteboard tags for incidents reported on Bugzilla

All, Also, to keep the discussion clean and simple, just post your suggestions and recommendations to the CCADB Public List. Thanks, Ben On Mon, Nov 21, 2022 at 3:52 PM Ben Wilson wrote: > Cross-posting to both CCADB Public and Mozilla dev-security-policy. > > All, > > To

New whiteboard tags for incidents reported on Bugzilla

Cross-posting to both CCADB Public and Mozilla dev-security-policy. All, To achieve better incident tracking and to improve incident prevention and remediation over time, we are proposing additional whiteboard tags (which are added after [ca-compliance]) for incidents reported in Bugzilla. The

Discussion of SERPRO Inclusion Request on CCADB Public

All, As previously announced, public discussions of root inclusion requests will be taking place on the CCADB public list. Public discussion of a request for inclusion by SERPRO is taking place there now through the end of the year. Here is a link to the relevant thread.

[elixir-core:11190] Re: Proposal: Introduce string limit function.

This seems reasonably straight forward to implement in your own code base: ``` def truncate(string, length, padding \\ ".") do string |> String.slice(0, length) |> String.pad_trailing(String.length(string), padding) end ``` Not seeing a strong need to include it in the standard library.

Re: Policy 2.8.1: MRSP Issue #249: Clarification re: all CPs and CPSes

a scenario or complication, then I'm open to suggestions, and the language can be modified to make our goals more clear. Thanks, Ben On Fri, Nov 18, 2022 at 11:17 AM Matthias van de Meent wrote: > On Fri, 18 Nov 2022 at 16:39, Ben Wilson wrote: > > > > Hi Matthias, > > Before I

Re: Policy 2.8.1: MRSP Issue #249: Clarification re: all CPs and CPSes

Hi Matthias, Before I answer the questions, I think example dates need to be associated with the events in the example cited below. Thanks, Ben On Thu, Nov 17, 2022 at 4:40 PM Matthias van de Meent wrote: > On 15 Nov 2022 at 00:33 Ben Wilson wrote: > > This discussion threa

Policy 2.8.1: MRSP Issue #256: Requirement that Partitioned CRLs include an Issuing Distribution Point extension

This discussion thread is to address Issue #256 and the need to clarify that partitioned CRLs need to include a critical Issuing Distribution Point extension. The language proposed for addition to Mozilla Root Store Policy section 4.1

Re: Policy 2.8.1: MRSP Issue #249: Clarification re: all CPs and CPSes

;reasonably available", which effectively changes the requirement > from a MUST to a SHOULD. Is that the intended interpretation? > > Den tir. 15. nov. 2022 kl. 00.33 skrev Ben Wilson : > >> All, >> >> This discussion thread relates to the GitHub Mozilla PKI Policy Issue

Policy 2.8.1: MRSP Issue #253: CAs MUST specify BR 3.2.2.4 Methods

All, The purpose of this thread is to discuss any concerns or suggestions regarding a sentence in item 3 of section 2.2 in the Mozilla Root Store Policy . In Mozilla's PKI Policy

Policy 2.8.1: MRSP Issue #257: Requiring CAs to follow Discussions on the CCADB Public List

All, This discussion thread relates to Issue #257 in the Mozilla PKI Policy repository on GitHub. The proposed language for the last paragraph of section 2.1 of the Mozilla Root Store Policy

Policy 2.8.1: MRSP Issue #243: Update periods for CPs and CPSes

All, The purpose of this thread is to discuss changing the period of time required for updating CPs and CPSes (in item 4 of Section 3.3 of the Mozilla Root Store Policy ). This is in relation to

Re: Policy 2.8.1: Candidate Issues to Address in MRSP v. 2.8.1

There is a possible correction to my last post re: 365 days, which might change to 398 days - see my comment here - https://github.com/cabforum/servercert/issues/370#issuecomment-1113441809. On Mon, Nov 14, 2022 at 5:25 PM Ben Wilson wrote: > All, > I've added Issue <https://github.co

Re: Policy 2.8.1: Candidate Issues to Address in MRSP v. 2.8.1

larified. I'll post something separately to the CA/B Forum's server-cert-WG list. This proposed change will also align with the CCADB's built-in 365-day calculation, which checks CP/CPS publication dates. Ben On Fri, Nov 11, 2022 at 11:50 AM Ben Wilson wrote: > All, > > I have narrowed d

Policy 2.8.1: MRSP Issue #249: Clarification re: all CPs and CPSes

All, This discussion thread relates to the GitHub Mozilla PKI Policy Issue #249 . Here are the currently proposed changes to item 7 of Mozilla Root Store Policy (MRSP) section 3.3

Policy 2.8.1: MRSP Issue #251: Full CRL Publication Requirements

The current subject line for GitHub Mozilla PKI Policy Issue #251 is "Edit MRSP 4.1 to clarify full CRL publication issues in the CCADB". Currently, section 4.1 of MRSP

Policy 2.8.1: Candidate Issues to Address in MRSP v. 2.8.1

All, I have narrowed down proposed changes for the version 2.8.1 batch of changes to clarifications needed in the Mozilla Root Store Policy (MRSP) to the following: Issue #249 – Clarify that CA operators are required to maintain *all* applicable

Updates for CCADB Public Discussion Process

All, I have edited some of the Mozilla wiki pages to clarify that public discussion of certificate inclusion requests will be conducted on the new CCADB Public List . https://wiki.mozilla.org/CA/Application_Process

Re: KamuSM request to Expand to .tr ccTLD

:26 PM Matt Palmer wrote: > On Wed, Nov 02, 2022 at 09:16:37AM -0600, Ben Wilson wrote: > > We have received a request from Kamu Sertifikasyon Merkezi (KamuSM) ( > > https://kamusm.bilgem.tubitak.gov.tr/) to expand its TLD restriction in > NSS > > to the .tr ccTLD level

KamuSM request to Expand to .tr ccTLD

anyone with concerns or questions to raise them on this list by replying directly in this discussion thread. Likewise, a representative of KamuSM must promptly respond directly in the discussion thread to all questions that are posted. Thanks, Ben Wilson Mozilla Root Program Manager -- You received this m

Clarifications for MRSP v.2.8 Effective Dates

All, In a recent bug[1] we received a couple of requests for clarifications of the Mozilla Root Store Policy (MRSP), version 2.8, which require further discussion here. The first request concerned OCSP for precertificates generated before October 1, 2022,[2] and the second highlighted how we do

Re: [elixir-core:11166] A More Human DateTime Comparison API

Making < and <= work in general for DateTime has been discussed and isn't feasible. The macro answer I kinda love. On Monday, October 31, 2022 at 3:42:16 PM UTC-4 m...@achempion.com wrote: > Is it possible to modify language in a way to make >,<, = work for dates? > > The datetime's struct has

Re: [elixir-core:11163] A More Human DateTime Comparison API

> DateTime.compare(a, :<, b) would get my vote of the alternative proposals but I think it doesn't move much the needle in comparison to DateTime.compare. To me this is a pretty big difference difference, because with an `import` it does 2 things: 1) Eliminates the existence of an irrelevant,

Re: [elixir-core:11107] Partially applied pipelines/currying/etc

I think it would be helpful to see examples of regular Elixir code today that would be improved with this operator. The Plug example doesn't really work for me because Plug is doing a bunch of compile time stuff anyway and it also isn't using the pipe operator. On Tuesday, October 25, 2022 at

Re: Proposed Updates to MRSP to Address Root CA Life Cycles

that make this schedule obsolete. CA operators MUST apply to Mozilla for inclusion of their next generation root certificate at least 2 years before the applicable distrust date. Thoughts? Ben On Fri, Oct 14, 2022 at 3:56 PM Ben Wilson wrote: > All, > Are there any additional comments on Jeremy'

Re: Proposed Updates to MRSP to Address Root CA Life Cycles

ind regards > Roman > > > > *From:* 'Jeremy Rowley' via dev-security-policy@mozilla.org < > dev-security-policy@mozilla.org> > *Sent:* Mittwoch, 21. September 2022 17:40 > *To:* Ben Wilson ; Li-Chun CHEN < > lcchen.ci...@gmail.com> > *Cc:* dev-security-policy@m

Re: MRSP § 3.3 Clarification re: public archiving of CPs and CPSes

at 4:23 PM Ben Wilson wrote: > All, > > In response to CA operators' requests for clarifications on our new > Mozilla Root Store Policy (MRSP) requirement that they make all of their > Certificate Policies (CPs), and Certification Practices Statements (CPSes) > (or combined CP/

Re: Proposed Updates to MRSP to Address Root CA Life Cycles

t; > On Mon, Sep 19, 2022 at 1:44 PM Ben Wilson wrote: > >> Here is another option (deleting the other MRSP language previously >> proposed): >> >> Section 7.4 “Root CA Life Cycles” >> >> Root CA certificates included in the Mozilla root store will be >

Re: Proposed Updates to MRSP to Address Root CA Life Cycles

rising from the expiry of Root CA1. “ >> >>"In order to minimize the impact of accessibility of local websites >> using our TLS server certificates by Hong Kong mobile device users to a >> manageable level, we consider issuing the new cross-certificate signed by &g

Re: Protection against BGP hijacking

All, In the article, I saw advice about actions that project owners can take to protect themselves, but what about things that CAs or root store programs can or should do? Ben On Thu, Sep 29, 2022 at 12:16 AM Michel Le Bihan < michel.lebihan2...@gmail.com> wrote: > Recently there was another

Re: CRL Issuance Frequency for non-published CRLs

haining up to an included CA Certificate in the Apple > Root Program. > > > Thanks again for the feedback and input on this. > > Cheers! > -Clint > > On Sep 21, 2022, at 4:45 PM, Ben Wilson wrote: > > Hi Rob, > > Your message is well-received. I'll see

Re: CRL Issuance Frequency for non-published CRLs

Wilson' via dev-security-policy@mozilla.org > *Sent:* Wednesday, September 21, 2022 21:36 > *To:* Rob Stradling > *Cc:* Ben Wilson; Christophe Bonjean; MDSP > *Subject:* Re: CRL Issuance Frequency for non-published CRLs > > Hi Rob, > > It’s possible, but not gua

Re: Proposed Updates to MRSP to Address Root CA Life Cycles

irmed with our auditor to ensure > our revised plan with no compliance concerns." > > > Note that Hong Kong Post CA's Root CA1 is RSA 2048 with SHA-1. Their > new cross-sign certificate RSA 4096 with SHA-256 i: > https://crt.sh/?id=7224214828. > > > > Thanks to M

Re: CCADB Update: "Add/Update Root Request” Case type

Hi Rob, I'm doing acceptance testing on the changes, and then we should be good to go. Give me a couple of hours. Thanks, Ben On Thu, Sep 15, 2022 at 7:07 AM 'Rob Stradling' via dev-security-policy@mozilla.org wrote: > > Please do not modify data in the CCADB during this update. > > There will

Re: Proposed Updates to MRSP to Address Root CA Life Cycles

dited and represented in > audit statements, similar to the structured reporting format required for > CA certificates (see Section 8.6 of the BRs). > > Thanks, and please let me know if there are any questions! > > - Ryan > > [on behalf of the Chrome Root Program] >

Re: Proposed Updates to MRSP to Address Root CA Life Cycles

Dimitris Zacharopoulos wrote: > > > On 16/8/2022 12:28 π.μ., Ben Wilson wrote: > > Addition to: Section 7.1 Inclusions > > CA key material MUST be generated within the three (3) years that precede > the submission of a CA inclusion request. The date of CA key mat

Re: Proposed Updates to MRSP to Address Root CA Life Cycles

Thank you, > Filippo > > 2022-08-25 19:11 GMT+02:00 Ben Wilson : > > Corey, > > Here is a sampling of responses we've had from other pre-2006 root CAs > that would be affected: > > > "This root still supports 2 TLS subordinate CAs. One certificate expires > in

[elixir-core:11036] Re: Flow Ecto like assertions in ExUnit

Seems like a good opportunity for a library. There's not anything I'm seeing there that would require changes to the core language. Building a library is a good way to test out if it's a popular idea and work though any of the design challenges. On Sunday, September 4, 2022 at 3:52:04 PM UTC-4

Re: CA Compliance Self-Assessment Update

Hi Dimitris, I have just updated the link to the template at https://wiki.mozilla.org/CA/Compliance_Self-Assessment. Thanks, Ben On Fri, Sep 2, 2022 at 4:31 AM Dimitris Zacharopoulos wrote: > > > On 1/9/2022 11:31 μ.μ., 'Chris Clements' via > dev-security-policy@mozilla.org wrote: > > The

Re: Entrust, ransomware, can they be trusted?

to light there was a real compromise >>>>> and huge risk and Mozilla knew privately but did nothing? Is risk to >>>>> internet users of no concern? >>>>> >>>>> Sent with Proton Mail <https://proton.me/> secure email. >>>

Re: CRL Issuance Frequency for non-published CRLs

intention to restrict this timeline in the future, we would like to > further discuss. > > > > Thanks > > > > Christophe > > > > *From:* dev-security-policy@mozilla.org *On > Behalf Of *Ben Wilson > *Sent:* Thursday, 11 August 2022 17:03 > *To:* Core

Re: Proposed Updates to MRSP to Address Root CA Life Cycles

Trust Bit, which would be effective approximately one year after the Stop-Issuance column. Thanks, Ben On Mon, Aug 22, 2022 at 1:21 PM Ben Wilson wrote: > Thanks, Corey > For a while now, I've been reaching out to the pre-2006 root CA operators. > I'll prepare a summary of w

Re: Proposed Updates to MRSP to Address Root CA Life Cycles

rous window so CAs have > time to transition. > > > > Thanks, > > Corey > > > > > > *From:* dev-security-policy@mozilla.org *On > Behalf Of *Ben Wilson > *Sent:* Monday, August 15, 2022 5:28 PM > *To:* dev-secur...@mozilla.org > *Subject:* Proposed Up

Re: Entrust, ransomware, can they be trusted?

Actually, Entrust reached out about a month ago with this message to me: *On June 18, 2022, we determined that an unauthorized party accessed certain of our systems used for internal operations – functions such as HR, finance, and marketing. We promptly began an investigation with the assistance

Proposed Baseline Requirements for the Issuance of S/MIME Certificates

on EKU (until such time as an independent document signing EKU can be established to properly separate use cases). § Strict presents the long-term target of the S/MIME Certificate Profile. Thanks. Ben Wilson Mozilla Root Store Program Manager -- You received this message because you are subs

[elixir-core:11017] Re: Proposal: Warn on assert %{} = x

To me this feels like a good use of credo or similar linter, not something that the Elixir compiler itself should warn about. `assert %{} = x` isn't the most idiomatic way to match but it isn't incoherent or invalid, just probably not best practice. On Tuesday, August 16, 2022 at 5:55:09 AM

Proposed Updates to MRSP to Address Root CA Life Cycles

All, Here is a set of proposed policy changes for your review and comment. The full draft document, which I've pasted below, is also available here: https://docs.google.com/document/d/1Hqu-9OxiLiAr4gliSOCAHYpOspbsL4I-sAuwmISWqWg/ Ben

Re: Public Discussion of DigitalSign's Global Roots (email trust bit only)

for any final objections. Thanks, Ben [1] https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/Ajm_a5GKHCU/m/LO961rHVAAAJ [2] https://wiki.mozilla.org/CA/Application_Process#Process_Overview On Thu, Jul 21, 2022 at 10:40 PM Ben Wilson wrote: > Resending > > --

Re: CCADB Down Temporarily for Maintenance

s/updates> -> Create an Audit Case <https://docs.google.com/document/d/1tVsWCHmpaizpOAgYc_xYDBMq_RBzWPjD_sP6FqNX5y0/> Thanks, Ben On Tue, Aug 9, 2022 at 12:28 PM Ben Wilson wrote: > *Notice: * The CCADB is down temporarily for maintenance. It is being > updated to impl

Re: CRL Issuance Frequency for non-published CRLs

4.9.7 of the Baseline Requirements, "the CA SHALL update and reissue CRLs at least once every seven days " (In the future, we might want to see that time frame shortened.) Thanks, Ben Wilson Mozilla Root Store Program On Fri, Aug 5, 2022 at 1:08 PM 'Corey Bonnell' via dev-security-

CCADB Down Temporarily for Maintenance

be able to use the CCADB during this update. (learn more… <https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/HYImOl8gsyM/m/BbgWUAw4BQAJ> ) Thanks, Ben Wilson Mozilla CA Program -- You received this message because you are subscribed to the Google Groups "dev-secu

Re: Public Discussion of SECOM Trust Systems' Inclusion Request

/a/mozilla.org/g/dev-security-policy/c/d3LIsEHnJkc/m/RJ223GFbAgAJ [2] https://wiki.mozilla.org/CA/Application_Process#Process_Overview On Tue, Jul 5, 2022 at 4:26 PM Ben Wilson wrote: > All, > > This is to announce the beginning of the public discussion phase of the > Mozilla root CA inclu

Re: [cabfpub] Voting Begins: FORUM-18, Allow Re-election of CWG Chairs and Vice Chairs

Mozilla votes "Yes" on Ballot Forum-18. On Wed, Jul 27, 2022 at 1:10 PM Tim Hollebeek via Public < public@cabforum.org> wrote: > > > Ballot FORUM-18, Allow Re-election of CWG Chairs and Vice Chairs > > > > Proposed by Tim Hollebeek of DigiCert and endorsed

Public Discussion of DigitalSign's Global Roots (email trust bit only)

, August 12, 2022, after which, if no concerns are raised, we will close the discussion and the request may proceed to the approval phase (Step 10). Sincerely yours, Ben Wilson Mozilla Root Store Program -- You received this message because you are subscribed to the Google Groups "dev-secur

Fwd: Public Discussion of DigitalSign's Global Roots (email trust bit only)

Resending -- Forwarded message - From: Ben Wilson Date: Thu, Jul 21, 2022 at 5:23 PM Subject: Public Discussion of DigitalSign's Global Roots (email trust bit only) To: dev-secur...@mozilla.org All, This is to announce the beginning of the public discussion phase

[Akonadi] [Bug 456297] Trying to streaming csgo under fedora 35 kde plasma 5.25.2 wayland

https://bugs.kde.org/show_bug.cgi?id=456297 --- Comment #2 from Ben Wilson-Hill --- Created attachment 150697 --> https://bugs.kde.org/attachment.cgi?id=150697=edit New crash information added by DrKonqi akonadiserver (5.20.1 (22.04.1)) using Qt 5.15.3 Fresh install just upda

[Akonadi] [Bug 456297] Trying to streaming csgo under fedora 35 kde plasma 5.25.2 wayland

https://bugs.kde.org/show_bug.cgi?id=456297 --- Comment #2 from Ben Wilson-Hill --- Created attachment 150697 --> https://bugs.kde.org/attachment.cgi?id=150697=edit New crash information added by DrKonqi akonadiserver (5.20.1 (22.04.1)) using Qt 5.15.3 Fresh install just upda

[Akonadi] [Bug 456297] Trying to streaming csgo under fedora 35 kde plasma 5.25.2 wayland

https://bugs.kde.org/show_bug.cgi?id=456297 Ben Wilson-Hill changed: What|Removed |Added CC||span...@backd00r.org -- You are receiving

[Akonadi] [Bug 456297] Trying to streaming csgo under fedora 35 kde plasma 5.25.2 wayland

https://bugs.kde.org/show_bug.cgi?id=456297 Ben Wilson-Hill changed: What|Removed |Added CC||span...@backd00r.org -- You are receiving

Public Discussion of SECOM Trust Systems' Inclusion Request

, after which, if no concerns are raised, we will close the discussion and the request may proceed to the approval phase (Step 10). Sincerely yours, Ben Wilson Mozilla Root Program Manager -- You received this message because you are subscribed to the Google Groups "dev-security-policy@mozi

Re: Draft May 2022 CA Communication and Survey

t; > Given this is now bringing all revoked intermediates into scope, would > this be better set for a 2.8.1 update to change the scope language? > > > > Jeremy > > > > *From:* dev-security-policy@mozilla.org *On > Behalf Of *Ben Wilson > *Sent:* Wedne

Re: Draft May 2022 CA Communication and Survey

nto force on Friday! > > ------ > *From:* Ben Wilson > *Sent:* 24 June 2022 17:19 > *To:* Rob Stradling > *Cc:* Dimitris Zacharopoulos ; dev-secur...@mozilla.org > > *Subject:* Re: Draft May 2022 CA Communication and Survey > > > CAUTION: This email originated fr

Re: Clarification on affiliationChanged revocation reason code

"Subject's Name" would refer to the Organization Name. We can clarify that more. On Fri, Jun 24, 2022 at 1:47 PM Jacob Hoffman-Andrews wrote: > On Fri, Jun 24, 2022 at 12:06 PM Ben Wilson wrote: > >> I think it would be appropriate to shield the "affiliationC

Re: Clarification on affiliationChanged revocation reason code

Hi Jacob, On Fri, Jun 24, 2022 at 12:34 PM 'Jacob Hoffman-Andrews' via dev-security-policy@mozilla.org wrote: > Putting together the documentation for our subscribers about revocation > reason code, I ran into a bit of a snag: > > > The CRLReason affiliationChanged is intended to be used to

Re: Draft May 2022 CA Communication and Survey

ction.outlook.com/?url=https%3A%2F%2Fccadb-public.secure.force.com%2Fmozillacommunications%2FCACommResponsesOnlyReport%3FCommunicationId%3Da058Z13UmsDQAS%26QuestionId%3DQ00175%2CQ00176=05%7C01%7Crob%40sectigo.com%7Cc918667f08b045b452f108da55dce7a5%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637916705427693111%7CUnknown%7CTWFpbGZsb3d8eyJWIj

Re: [elixir-core:10959] `Map.get/3` to return default value for `nil` value

> `Map.get(map, key, default_value)` looks better than `Map.get(map, key) || default_value` This isn't a matter of looks, these have straight up different functionality. You can't change this sort of thing in the language at this point in its lifecycle. Plus, you'd be forcing everyone who's

MRSP § 3.3 Clarification re: public archiving of CPs and CPSes

All, In response to CA operators' requests for clarifications on our new Mozilla Root Store Policy (MRSP) requirement that they make all of their Certificate Policies (CPs), and Certification Practices Statements (CPSes) (or combined CP/CPSes) publicly available [1], I have reached out to some

Re: Draft May 2022 CA Communication and Survey

All, I'm going to hit "send" on the May 2022 CA Communication and Survey this afternoon. CA responses will be made available at https://wiki.mozilla.org/CA/Communications#May_2022_Responses. Thanks, Ben On Thu, May 12, 2022 at 2:43 PM Ben Wilson wrote: > All, > > Please

Re: Public Discussion of GoDaddy cross-signing two Certainly Intermediate Certificates

All, Public discussion and the 7-day last-call period recently ended[1], and Certainly's request to include its R1 and E1 root CAs in the root store has been approved[2]. The purpose of this email is to clarify that GoDaddy's request to cross-sign Certainly's issuing CAs[3] is similarly approved.

Re: Historical progession of CCADB intermediates

I hope this helps - the Wayback Machine has a few snapshots (14 captures of https://wiki.mozilla.org/CA/Intermediate_Certificates) - e.g. http://web.archive.org/web/20210301195230/https://ccadb-public.secure.force.com/mozilla/MozillaIntermediateCertsCSVReport Ben On Thu, May 5, 2022 at 2:07 PM

Mozilla Root Store Policy v. 2.8 Now Published

Mozilla's Root Store Policy, v. 2.8, is now published: https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ -- You received this message because you are subscribed to the Google Groups "dev-security-policy@mozilla.org" group. To unsubscribe from this group and

Re: Policy 2.8: Final Review of MRSP v. 2.8

Ryan and Corey, If there are still issues, can we punt this into version 2.9? Version 2.8 has been finalized and is going through the publication process today, which I was going to announce when it is up on the Mozilla website. Thanks, Ben On Thu, Apr 28, 2022 at 8:23 PM Ryan Sleevi wrote: >

Re: Public Discussion of Certainly's Root Inclusion Request

-security-policy/c/EhXhiHfWGC8/m/58CH8CMwBgAJ [2] https://wiki.mozilla.org/CA/Application_Process#Process_Overview On Sun, Apr 3, 2022 at 11:16 PM Ben Wilson wrote: > All, > > This is to announce the beginning of the public discussion phase of the > Mozilla root CA inclusion proce

[elixir-core:10879] Re: [Proposal] GenServer response with exception control flow

> I'm sure there is the opinion that this is anti-pattern Yup. Side stepping this a bit though and getting to something deeper: This does not seem like it needs to be part of the standard library. You could make a library called GenServerWithExceptions or something and put it up on hex, and

Re: Policy 2.8: Final Review of MRSP v. 2.8

or questions. Thanks, Ben On Mon, Apr 25, 2022 at 2:26 PM Ben Wilson wrote: > All, > > During my final read-through, I noticed some things that I want to fix, in > addition to minor grammar and punctuation (e.g. I'll replace the hyphen > with a space between "end"

Re: Policy 2.8: Final Review of MRSP v. 2.8

n 6.1.1 (TLS revocation reasons) and in 6.2 (S/MIME revocation reasons), I'll replace most instances of "CA" with "CA operator" - for consistency with the rest of the MRSP. I'll make those changes now, and then I'll circulate the Github commit that shows those changes when I'm do

Re: Public Discussion of e-Tuğra's Inclusion Request

/a/mozilla.org/g/dev-security-policy/c/ylNHGT1arUE/m/GKcyixI8FAAJ [2] https://wiki.mozilla.org/CA/Application_Process#Process_Overview On Tue, Mar 29, 2022 at 4:41 PM Ben Wilson wrote: > All, > > This is to announce the beginning of the public discussion phase of the > Mozilla root CA inclu

Re: Policy 2.8: Final Review of MRSP v. 2.8

Thanks, Andrew I think it will be really helpful for OCSP Watch to monitor compliance based on precertificates going forward. Ben On Fri, Apr 22, 2022 at 7:37 AM Andrew Ayer wrote: > I am concerned by effective date of October 1, 2022 for the last two > bullet points of Section 5.4

Re: Policy 2.8: Final Review of MRSP v. 2.8

All, We are changing the effective date of MRSP v. 2.8 from May 1, 2022, to June 1, 2022, to provide more time to finalize and publish the document and to send out the CA Communication and Survey, which will be emailed to CA representatives in mid-May. A read-only copy of the working draft of the

Re: Policy 2.8: Final Review of MRSP v. 2.8

See https://github.com/BenWilson-Mozilla/pkipolicy/commit/55066357d674adb8da4b8ee20b5cd60cf2b6f8bd On Thu, Apr 21, 2022 at 4:26 PM Ben Wilson wrote: > OK - thanks. > > On Thu, Apr 21, 2022 at 3:58 PM Andrew Ayer wrote: > >> I think Jacob's language (with your change to use

Re: Policy 2.8: Final Review of MRSP v. 2.8

> new and improved language. > > Regards, > Andrew > > On Thu, 21 Apr 2022 15:48:34 -0600 > Ben Wilson wrote: > > > Jacob and Andrew, > > > > What if I just added this underlined language without replacing the > > first bul

Re: Policy 2.8: Final Review of MRSP v. 2.8

other according to RFC 6962 section 3.1. A final certificate is 'based on' a precertificate if they have the same serial and issuer, or they have the same serial and the final certificate's issuer matches the precertificate's issuer's issuer.* Thus, ..." Ben On Thu, Apr 21, 2022 at 3:07 PM

Re: Policy 2.8: Final Review of MRSP v. 2.8

Should it say "final certificate" in this bullet? On Thu, Apr 21, 2022 at 11:15 AM Jacob Hoffman-Andrews wrote: > On Wed, Apr 20, 2022 at 6:19 AM Andrew Ayer wrote: > >> As I understand it, the goal of this bullet point is not to add an >> exception to misissuance, but to make sure that there

Re: Policy 2.8: Final Review of MRSP v. 2.8

guidance for what scenarios Mozilla wants CAs to not > follow the RFC5280 best practices. > > > > If we apply the “default deny” logic to the Mozilla Policy, I believe the > logic I described above is an accurate representation, so perhaps no > additional changes to th

Re: Policy 2.8: Final Review of MRSP v. 2.8

All, I believe this is one of the final issues for MRSP v. 2.8, which I'd like to resolve ASAP. I'm leaning toward adding an effective date of October 1, 2022, for the last two bullets in section 5.4. Ben On Wed, Apr 20, 2022 at 12:08 AM 'Dustin Hollenback' via dev-security-policy@mozilla.org

Re: Policy 2.8: Final Review of MRSP v. 2.8

“private”) can certify itself and have the self-signed > certificate included in Mozilla. > > > > Thanks, > > Corey > > > > *From:* Ben Wilson > *Sent:* Wednesday, April 20, 2022 2:00 PM > *To:* Corey Bonnell > *Cc:* dev-secur...@mozilla.org > *Subje

Re: Policy 2.8: Final Review of MRSP v. 2.8

tificates > > > > *From:* dev-security-policy@mozilla.org *On > Behalf Of *Ben Wilson > *Sent:* Wednesday, April 13, 2022 1:18 PM > *To:* dev-secur...@mozilla.org > *Subject:* Policy 2.8: Final Review of MRSP v. 2.8 > > > > All, > > > > H

Re: Policy 2.8: Final Review of MRSP v. 2.8

accordance with this policy for all certificates presumed to exist based on the presence of a precertificate, even if the certificate does not actually exist. On Wed, Apr 20, 2022 at 8:00 AM Andrew Ayer wrote: > On Tue, 19 Apr 2022 20:56:25 -0600 > Ben Wilson wrote: > > > Hi Rob and Andre

<    1   2   3   4   5   6   7   8   9   10   >