If DarkMatter is issuing from a CA that chains to a Quovadis root trusted by Mozilla, the issuance is in scope of the Mozilla policy. But that also means the cert is publicly trusted. Thus, I read it as "all TLS certs issued from the public ICA are publicly logged", which matches what Scott told me in the past.
You really can't log private certs as they don't chain to a root trusted by any of the CT logs.

-----Original Message-----
From: dev-security-policy <dev-security-policy-boun...@lists.mozilla.org> On Behalf Of Buschart, Rufus via dev-security-policy
Sent: Monday, February 25, 2019 1:08 PM
To: mozilla-dev-security-policy <mozilla-dev-security-pol...@lists.mozilla.org>
Subject: AW: DarkMatter Concerns

> From: dev-security-policy <dev-security-policy-boun...@lists.mozilla.org> On Behalf Of Matthew Hardeman via dev-security-policy
> On Mon, Feb 25, 2019 at 12:15 PM Richard Salz <rich.s...@gmail.com> wrote:
> >
> > You miss the point of my question.
> >
> > What types of certs would they issue that would NOT expect to be trusted by the public?
>
> I get the question in principle. If it is a certificate not intended for public trust, I suppose I wonder whether or not it's truly in scope for policy / browser inclusion / etc discussions?

If the certificate is part of a hierarchy that chains up to a root under Mozilla's Root Program there should be no question about this - yes it is in scope.

With best regards,
Rufus Buschart

Siemens AG
Information Technology
Human Resources
PKI / Trustcenter

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy