On Mon, Feb 08, 2016 at 12:18:12PM -0800, Kathleen Wilson wrote: > All, > > We recently added two tests that CAs must perform and resolve errors for > when they are requesting to enable the Websites trust bit for their root > certificate. > > Test 1) Browse to https://crt.sh/ and enter the SHA-1 Fingerprint for the > root certificate. Then click on the 'Search' button. Then click on the 'Run > cablint' link. All errors must be resolved/fixed. > > Test 2) Browse to https://cert-checker.allizom.org/ and enter the test > website and click on the 'Browse' button to provide the PEM file for the > root certificate. Then click on 'run certlint'. All errors must be > resolved/fixed. > > I added these to item #15 of > https://wiki.mozilla.org/CA:Information_checklist#Technical_information_about_each_root_certificate > > This has sparked some discussions in Bugzilla Bugs that I think we should > move here to mozilla.dev.security.policy so that everyone may benefit from > the resulting decisions.
So you're requesting this for new CAs? What about existing CAs? Should we file bugs in bugzilla about the issues it found? Are they supposed to look at it themself and fix things? Kurt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
