All,
For what it's worth, during a presentation I gave during Security Week (http://www.etsi.org/index.php/news-events/events/870-security-week) of the European Telecommunications Standards Institute ("ETSI") (which is charged with implementing Article 1 of a European Regulation that governs qualified web site certificates), http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P7-TA-2014-0282, I was asked (by someone in the audience and not by anyone specifically representing EU governments) to relay a message that some European supervisory bodies would like browsers and OS providers to enable and support an additional trust list or trust store, specific to the EU, for those Trust Service Provider-CA entities that are accredited to issue digital certificates in the EU.

For those unfamiliar with this act of the European Parliament, Article 1 from the second reference above reads,

"With a view to ensuring the proper functioning of the internal market while aiming at adequate level of security of electronic identification means and trust services this Regulation:
- lays down conditions under which Member States shall recognise electronic identification means of natural and legal persons falling under a notified electronic identification scheme of another Member State,
- lays down rules for trust services, in particular for electronic transactions and
- establishes a legal framework for electronic signatures, electronic seals, electronic time stamps, electronic documents, electronic registered delivery services and certificates services for website authentication."
Cheers,
Ben

-----Original Message-----
From: dev-security-policy [mailto:dev-security-policy-bounces+ben=digicert....@lists.mozilla.org] On Behalf Of Tom Ritter
Sent: Sunday, July 5, 2015 5:28 PM
To: Richard Barnes
Cc: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Letter from US House of Representatives

On 30 June 2015 at 13:36, Richard Barnes <rbar...@mozilla.com> wrote:
> Obviously, we can't change the letter now, but if you have any
> thoughts or concerns about this interaction, please feel free to reply in this thread.

I guess I feel like there was a lot more things that could be put under #4.

- I understand Mozilla is still evaluating CT, but it seems odd not to mention it.
- The deployment of HSTS/HPKP
- Deployment of OCSP Stapling to enable a move to hard-fail... so revocation actually works
- Investment in "Core Infrastructure" and testing methodologies to enable more secure software

so on and so forth...

-tom
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy