We've now uploaded the self-signed root into the CCADB as a subordinate CA to the same self-signed root, if that makes sense.
-----Original Message-----
From: dev-security-policy [mailto:dev-security-policy-bounces+ben=digicert....@lists.mozilla.org] On Behalf Of Jeremy Rowley via dev-security-policy
Sent: Monday, July 3, 2017 4:05 PM
To: Nick Lamb <tialara...@gmail.com>; mozilla-dev-security-pol...@lists.mozilla.org
Subject: RE: DigiCert policy violation - non-disclosure of https://crt.sh/?id=160110886

"Previously accepted without comment" is hardly accurate. There are lots of comments on the Mozilla policy (including Ben's comment on this very term). And it's hardly fair to deride my lack of understanding of what transitive trust entails in the digital certificate space, considering it's outside of the usual trust paths, not defined in the standard RFCs, and not the same as the mathematical expression. Instead, you're substituting one signed object with another. I'd figure two-way cross-signed objects would be more akin to transitive trust than this scenario. After all, they are substitute trust anchors, instead of here, where one isn't intended for trust in Mozilla. It'd be more helpful to provide additional educational resources rather than snide comments. I'd rather understand how it works than argue about what it means.

Yes - we pass all policy without comment on to the Sub CA.

-----Original Message-----
From: dev-security-policy [mailto:dev-security-policy-bounces+jeremy.rowley=digicert.com@lists.mozilla.org] On Behalf Of Nick Lamb via dev-security-policy
Sent: Monday, July 3, 2017 3:22 PM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: DigiCert policy violation - non-disclosure of https://crt.sh/?id=160110886

On Monday, 3 July 2017 22:00:00 UTC+1, Jeremy Rowley wrote:
> Link please to a formal definition? As your email alleges a policy violation by one of the cross-signed CAs, we take the investigation and response very seriously. I'd like to know the basis for the definition before formulating an official report and potentially penalizing the Sub CA for non-compliance.

You're asking for a "formal definition" of the word transitively. A word which was in a policy you have previously accepted without comment, but NOW you assert you aren't sure what it means. Transitivity is a normal concept of mathematics and logic; its meaning here seems pretty transparent to me. It's something we introduce (albeit not with trying to process cyclic graphs) to secondary school children as part of their normal background in arithmetic.

Was this policy, which you apparently didn't understand, passed without comment to the affected Sub CA? Or did you figure that despite not understanding what it meant you'd be able to somehow implement it?

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
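The thread turns on what "transitively" means for a cross-signed CA. The example below is added here to make that concrete; it is not code from the thread, from Mozilla, or from DigiCert. It models the disclosure question as reachability in a directed graph whose nodes are CA public keys and whose edges are CA certificates (issuer key signs subject key), which is the same relation a chain builder follows. A key is transitively trusted when a chain of such edges leads to it from a root in the program, whether or not that key's own self-signed certificate is in the root store, and two-way cross-signs form a cycle that the visited set handles. All key names and certificate labels (`DigiCertRoot`, `OtherRoot`, `otherroot-crosssigned-by-digicert`, and so on) are constructed stand-ins, and `disclosure_required` encodes a simplified rule of my own (every CA certificate signed by a transitively trusted key, minus the program roots' own self-signed certificates), not the policy's exact wording.

```python
"""Transitive trust over a cross-signing graph (constructed illustration).

Nodes are CA public keys, edges are CA certificates.  A key is transitively
trusted if some chain of certificates leads to it from a program root,
regardless of whether the key's own self-signed certificate is in the store.
All key names and certificate labels are hypothetical.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class CACert:
    name: str         # label for this certificate object (think: a crt.sh id)
    subject_key: str  # public key being certified
    issuer_key: str   # public key that signed it
    is_ca: bool = True


def _index_by_issuer(certs):
    """Map issuer key -> CA certificates it signed (the edges of the graph)."""
    by_issuer = {}
    for c in certs:
        if c.is_ca:
            by_issuer.setdefault(c.issuer_key, []).append(c)
    return by_issuer


def trust_path(anchors, certs, target_key):
    """Shortest chain of certificate names from an anchor key to target_key:
    [] if target_key is itself an anchor, None if it is unreachable.

    Breadth-first search; the parent map doubles as the visited set, so a
    two-way cross-sign (R1 signs R2 and R2 signs R1) terminates rather than
    looping."""
    by_issuer = _index_by_issuer(certs)
    parent = {k: None for k in sorted(anchors)}  # key -> (previous key, cert name)
    queue = deque(sorted(anchors))
    while queue:
        k = queue.popleft()
        if k == target_key:
            path = []
            while parent[k] is not None:
                prev, name = parent[k]
                path.append(name)
                k = prev
            return path[::-1]
        for c in by_issuer.get(k, ()):
            if c.subject_key not in parent:
                parent[c.subject_key] = (k, c.name)
                queue.append(c.subject_key)
    return None


def transitively_trusted_keys(anchors, certs):
    """Every key reachable from an anchor by following issuer -> subject edges."""
    by_issuer = _index_by_issuer(certs)
    trusted = set(anchors)
    queue = deque(sorted(anchors))
    while queue:
        k = queue.popleft()
        for c in by_issuer.get(k, ()):
            if c.subject_key not in trusted:
                trusted.add(c.subject_key)
                queue.append(c.subject_key)
    return trusted


def disclosure_required(anchors, certs):
    """Simplified rule (an assumption, not the policy's wording): every CA
    certificate signed by a transitively trusted key needs disclosure, except
    the anchors' own self-signed root certificates, which are already in the
    root store.  A non-program root's self-signed certificate is caught once
    its key becomes transitively trusted via a cross-sign."""
    trusted = transitively_trusted_keys(anchors, certs)
    return [
        c.name for c in certs
        if c.is_ca
        and not (c.subject_key == c.issuer_key and c.subject_key in anchors)
        and c.issuer_key in trusted
    ]


# Constructed sample: "DigiCertRoot" stands in for a root in the program,
# "OtherRoot" for a self-signed root that is not in the program but has been
# cross-signed by DigiCertRoot, and which in turn cross-signs DigiCertRoot.
SAMPLE_ANCHORS = {"DigiCertRoot"}
SAMPLE_CERTS = [
    CACert("digicert-root-selfsigned", "DigiCertRoot", "DigiCertRoot"),
    CACert("otherroot-crosssigned-by-digicert", "OtherRoot", "DigiCertRoot"),
    CACert("otherroot-selfsigned", "OtherRoot", "OtherRoot"),
    CACert("other-intermediate", "OtherIntermediate", "OtherRoot"),
    CACert("digicert-crosssigned-by-otherroot", "DigiCertRoot", "OtherRoot"),  # cycle
    CACert("some-leaf", "LeafKey", "OtherIntermediate", is_ca=False),
    CACert("unrelated-root-selfsigned", "UnrelatedRoot", "UnrelatedRoot"),
]

if __name__ == "__main__":
    print("transitively trusted:", sorted(transitively_trusted_keys(SAMPLE_ANCHORS, SAMPLE_CERTS)))
    print("needs disclosure:", disclosure_required(SAMPLE_ANCHORS, SAMPLE_CERTS))
    print("path to OtherIntermediate:", trust_path(SAMPLE_ANCHORS, SAMPLE_CERTS, "OtherIntermediate"))
    print("path to UnrelatedRoot:", trust_path(SAMPLE_ANCHORS, SAMPLE_CERTS, "UnrelatedRoot"))
```

Two design points matter for the argument in the thread. Trust is tracked per key rather than per certificate, because a chain builder will happily swap one certificate for another that certifies the same key, so the self-signed `OtherRoot` certificate ends up on the disclosable list as soon as the cross-signed certificate for the same key exists. And the cycle created by the reverse cross-sign changes nothing about which keys are trusted; it only changes which certificates exist for already-trusted keys, which is why `trust_path` still terminates and returns the shortest chain.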