On 20/03/17 15:33, Kathleen Wilson wrote:
>> * Action 7: some of the BR Compliance bugs relate to CAs which are no
>> longer trusted, like StartCom. If StartCom does become a trusted CA
>> again, it will be with new systems which most likely do not have the
>> same bugs. Should we close the StartCom compliance bugs?
>
> Yes, I think that makes sense.

OK, I've closed the StartCom and ANSSI bugs.

>> * Action 8: Can we provide more structure here, by perhaps putting some
>> boilerplate text in the answer box or something like that? Or at least
>> list the sections and actions we expect to have been done?
>
> Changed to checkboxes and a follow-up text field. Please review.

You've added a box:

"All SHA-1 based TLS/SSL certificates chaining up to our root
certificates included in Mozilla’s CA Certificate Program have either
expired or been revoked."

I don't think we _required_ revocation of all publicly-trusted SHA-1
certs, did we?

Also, the two about "all... certificates" might need to be changed to
"Our policy now is that all... certificates".

>> C) CAA
>
> Added, but please carefully review -- not sure I got it correct.

Looks good to me.

Gerv
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy