Did we somehow come to a conclusion / agreed wording here? I'm not sure if I missed something, but the last email I've received in regards to this issue is from mid-May and the last change in https://github.com/mozilla/pkipolicy/blob/master/rootstore/policy.md dates to the beginning of March. I don't want to make artificial pressure here but want to be sure I don't miss something important.
With best regards,
Rufus Buschart

Siemens AG
Information Technology
Human Resources
PKI / Trustcenter
GS IT HR 7 4
Hugo-Junkers-Str. 9
90411 Nuernberg, Germany
Tel.: +49 1522 2894134
mailto:rufus.busch...@siemens.com
www.twitter.com/siemens
www.siemens.com/ingenuityforlife

Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Jim Hagemann Snabe; Managing Board: Joe Kaeser, Chairman, President and Chief Executive Officer; Roland Busch, Lisa Davis, Klaus Helmrich, Janina Kugel, Cedrik Neike, Michael Sen, Ralf P. Thomas; Registered offices: Berlin and Munich, Germany; Commercial registries: Berlin Charlottenburg, HRB 12300, Munich, HRB 6684; WEEE-Reg.-No. DE 23691322

> -----Original Message-----
> From: dev-security-policy [mailto:dev-security-policy-bounces+rufus.buschart=siemens.com@lists.mozilla.org] On Behalf Of Tim Hollebeek via dev-security-policy
> Sent: Wednesday, 16 May 2018 08:23
> To: Wayne Thayer; mozilla-dev-security-policy
> Subject: RE: Bit encoding (AW: Policy 2.6 Proposal: Add prohibition on CA key generation to policy)
>
> When we debated it last, my predictions were hypothetical.
>
> I wish they had remained hypothetical.
>
> -Tim
>
> From: Wayne Thayer [mailto:wtha...@mozilla.com]
> Sent: Wednesday, May 16, 2018 12:33 AM
> To: Tim Hollebeek <tim.holleb...@digicert.com>; mozilla-dev-security-policy <mozilla-dev-security-pol...@lists.mozilla.org>
> Subject: Re: Bit encoding (AW: Policy 2.6 Proposal: Add prohibition on CA key generation to policy)
>
> On Tue, May 15, 2018 at 9:17 PM Tim Hollebeek <tim.holleb...@digicert.com <mailto:tim.holleb...@digicert.com> > wrote:
>
> My only objection is that this will cause key generation to shift to partners and affiliates, who will almost certainly do an even worse job.
>
> This is already a Mozilla requirement [1] - we're just moving it into the policy document.
>
> If you want to ban key generation by anyone but the end entity, ban key generation by anyone but the end entity.
>
> We've already debated this [2] and didn't come to that conclusion.
>
> -Tim
>
> [1] https://wiki.mozilla.org/CA/Forbidden_or_Problematic_Practices#Distributing_Generated_Private_Keys_in_PKCS.2312_Files
>
> [2] https://groups.google.com/d/msg/mozilla.dev.security.policy/MRd8gDwGGA4/AC4xgZ9CBgAJ