Re: Mozilla CA Policy 2.3 plan
On 07/11/16 14:08, Gervase Markham wrote: > the 2.3 draft says for some time. Therefore, it seems to me that we > could ship the current draft version as version 2.3 immediately, with > immediate applicability. Diff: > https://github.com/mozilla/pkipolicy/compare/2.2...master We found one additional issue (references to new ETSI docs) which needed resolving, but which is now resolved. So we think version 2.3 is now ready to ship, and become immediately applicable. See the diff URL above for the changes. Last chance to raise objections! :-) (The BR version number update is to the one that has been in the draft 2.3 policy for ages, rather than to the latest version; that's intentional.) Gerv ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Mozilla CA Policy 2.3 plan
On 07/11/16 20:05, Kathleen Wilson wrote: >> It would be useful if people checked it over to make sure I have not >> made any mistakes in conversion. The original is here, in four pages: >> https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ > > Just one minor glitch in the last bullet point of item 11 of the > Inclusion policy regarding EV audit criteria. Otherwise, looks good. I think it's now the second bullet, isn't it? > In section 11 the two bullet points regarding ETSI TS 119 411 are out of date. If you know what it should say, please add info to the bug. It wasn't entirely clear to me what the right thing was. > That would be great, with the exception of getting the ETSI audit > numbers/info updated first -- so I think we need to get > https://github.com/mozilla/pkipolicy/issues/3 into this version 2.3. OK. I've reopened milestone 2.3 and added this issue. If you (or Inigo) can tell me how exactly to resolve it, that would be great! >> Fourthly, I have triaged the issues and marked those I think are urgent >> and achievable in a reasonably short time frame with the "2.4" >> milestone. That list is here: >> https://github.com/mozilla/pkipolicy/milestone/1 > > That link didn't work for me. Yes, sorry, the correct link for milestone 2.4 is: https://github.com/mozilla/pkipolicy/milestone/2 Milestone 2.3 is: https://github.com/mozilla/pkipolicy/milestone/1 Gerv ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Mozilla CA Policy 2.3 plan
On 07/11/16 14:34, Kurt Roeckx wrote: > In my experience, pointing to a specific section of the BRs causes > problems because things are moved, renumbered and so on. Other changes > in the document also point to specific sections. The BRs now follow RFC 3647, which AIUI specifies the title and numbering of each section. So this is much less of a problem than it was before we converted to using RFC 3647. Gerv ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Mozilla CA Policy 2.3 plan
On 2016-11-07 15:08, Gervase Markham wrote: https://github.com/mozilla/pkipolicy/compare/2.2...master So one of the changes is that you now have: -issuing certificates), as described in [CA/Browser Forum -Baseline Requirement -\#12;](http://www.cabforum.org/documents.html) +issuing certificates), as described in section 6.1.7 of the +[CA/Browser Forum Baseline + Requirements](https://cabforum.org/baseline-requirements-documents/); In my experience, pointing to a specific section of the BRs causes problems because things are moved, renumbered and so on. Other changes in the document also point to specific sections. Kurt ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy