Re: CA report with CAA and Problem Reporting info
On Friday, May 26, 2017 at 2:50:16 AM UTC-7, Gervase Markham wrote: > On 26/05/17 01:01, Kathleen Wilson wrote: > > Known problems: - Some CAs did not provide their CAA (Certification > > Authority Authorization) information correctly, so that column is > > empty for them. Note that some CAs do not have the Websites trust bit > > set for any of their root certs, so that column may remain empty for > > them. > > That makes me think: could we detect that situation and put a marker in > the report to say "N/A", or would that be difficult? > I put "N/A" directly into the field for those CAs who do not have roots included with the Websites trust bit set. Kathleen ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Taiwan GRCA Root Renewal Request
On Wednesday, March 15, 2017 at 5:01:13 PM UTC-7, Kathleen Wilson wrote: > > So, if there are no further questions or comments about this CA's request, > then I will close this discussion and recommend approval in the bug. > All, I requested that this CA perform a BR Self Assessment, and they have attached their completed BR Self Assessment to the bug here: https://bugzilla.mozilla.org/show_bug.cgi?id=1065896#c30 Aaron has reviewed and verified the BR Self Assessment. Therefore, I plan to approve this request from the Government of Taiwan (GRCA) to include their "Government Root Certification Authority" root certificate, and turn on the Websites and Email trust bits, and constrain this root to *.tw. If there are no further concerns, then I will close this discussion and recommend approval in the bug. Thanks, Kathleen ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: CA report with CAA and Problem Reporting info
On 26/05/17 01:01, Kathleen Wilson wrote: > Known problems: - Some CAs did not provide their CAA (Certification > Authority Authorization) information correctly, so that column is > empty for them. Note that some CAs do not have the Websites trust bit > set for any of their root certs, so that column may remain empty for > them. That makes me think: could we detect that situation and put a marker in the report to say "N/A", or would that be difficult? Gerv ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
