On Tue, May 14, 2019 at 11:21 AM Kathleen Wilson via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:

> On 5/10/19 5:46 PM, Wayne Thayer wrote:
> > I've attempted to update section 6 to incorporate revocation requirements
> > for S/MIME certificates:
> >
> > https://github.com/mozilla/pkipolicy/commit/15ad5b9180903b92b8f638c219740c0fb6ba0637
> >
> > Note: since much of this language is copied directly from the BRs, if we
> > decide to adopt it, the policy will also need to comply with the Creative
> > Commons Attribution 4.0 International license used by the BRs.
> >
> > I will greatly appreciate everyone's review and comments on this proposed
> > change.
> >
>
> The proposed changes look OK to me.
>
> But I would also be fine with the new section 6.2 regarding revocation
> of S/MIME certs just re-using the revocation text that we used to have
> in our policy (which had been removed in an effort to remove redundancy
> with the BRs).
>
> https://github.com/mozilla/pkipolicy/blob/2.4.1/rootstore/policy.md#6-revocation
>

The 'reasons for revocation' from the old policy are very close to the BR language I proposed. The main difference in my proposal is the inclusion of deadlines by which certificates must be revoked (same as in the BRs). While the BR deadlines have sometimes been challenging, I do feel that we're better off to have them as our standard and handle exceptions as incidents, so my preference is to stick with my proposal.