Re: IANA whois information

2024-09-13 Thread 'Clint Wilson' via dev-security-policy@mozilla.org
FWIW, this has been brought up a few times that I can recall, and is currently captured in this Issue in the CA/Browser Forum: http://github.com/cabforum/servercert/issues/459. While there isn’t consensus yet within the Forum, I expect we’ll continue discussing it and hopefully come to agreemen

Re: Security concerns with the e-Tugra certificate authority

2023-06-02 Thread 'Clint Wilson' via dev-security-policy@mozilla.org
Hi Kurt, FWIW, these Root CA certificates have not been accepted into the Apple Root Program. Cheers, -Clint > On Jun 2, 2023, at 10:03 AM, 'Kurt Seifried' via CCADB Public > wrote: > > I'm curious, can we get any information from the other major browser vendors > as to whether or not they

Re: Policy 2.8.1: MRSP Issue #256: Requirement that Partitioned CRLs include an Issuing Distribution Point extension

2023-01-23 Thread 'Clint Wilson' via dev-security-policy@mozilla.org
Hi Dimitris, The current expectation is described in the Apple Policy: Effective October 1, 2022, CA providers must populate the CCADB fields under "Pertaining to Certificates Issued by This CA" with either the CRL Distribution Point for the "Full CRL Issued By This CA" or a "JSON Array of Part

Re: concerns about Trustcor

2022-11-11 Thread 'Clint Wilson' via dev-security-policy@mozilla.org
Hello all, In order to further compile the observations that may warrant some response from TrustCor, the Apple Root Program would like to add some additional notes. We concur with views expressed below that the corpus of these observations lend themselves to reasonable doubt about this company

Re: CRL partitioning and IDPs

2022-10-14 Thread 'Clint Wilson' via dev-security-policy@mozilla.org
Thanks Aaron, I’ll endorse. > On Oct 14, 2022, at 9:30 AM, 'Aaron Gable' via > dev-security-policy@mozilla.org wrote: > > To ensure that future parties don't have to have this same discussion again, > I have put together a CA/BF ballot to update the BRs to explicitly require > the distributio

Re: CRL partitioning and IDPs

2022-10-12 Thread 'Clint Wilson' via dev-security-policy@mozilla.org
I'm in agreement with Corey here. The IDP URL must be present in sharded CRLs (i.e. if a CRL is not a complete CRL for the entire CA). I'm also inclined to say HTTPS must not be used here. There are cases where it could work, others where it could cause issues, but overall I don't believe it bri

Re: CRL Issuance Frequency for non-published CRLs

2022-09-28 Thread 'Clint Wilson' via dev-security-policy@mozilla.org
wider community > to accurately interpret the actual policy? CAs are expected to read every > MDSP message, but auditors and the wider community are not. CAs receive > official communications from root programs, but auditors and the wider > community do not. > > From: '

Re: CRL Issuance Frequency for non-published CRLs

2022-09-21 Thread 'Clint Wilson' via dev-security-policy@mozilla.org
e language to > https://www.ccadb.org/policy#4-intermediate-certificates > <https://www.ccadb.org/policy#4-intermediate-certificates> and then update > both the MRSP and https://www.apple.com/certificateauthority/ca_program.html > <https://www.apple.com/certificateauthorit

Re: CRL Issuance Frequency for non-published CRLs

2022-08-25 Thread 'Clint Wilson' via dev-security-policy@mozilla.org
Hi all, FWIW, the below language also matches the intent of the similar Apple Root Program requirement. Thanks, -Clint > On Aug 25, 2022, at 10:20 AM, Ben Wilson wrote: > > Hi Christophe, > > We do want to maintain some flexibility here and to mirror current practices > without creating new

Re: Policy 2.8: MRSP Issue #235: Require CCADB Disclosure of Full CRLs (or equivalent JSON array) for CRLite

2021-12-10 Thread 'Clint Wilson' via dev-security-policy@mozilla.org
Is there a preference for which provides the greatest clarity to CAs (thinking especially of those that haven’t followed the ongoing development of this over the last ~18 months)? > On Nov 18, 2021, at 12:51 PM, 'Aaron Gable' via > dev-security-policy@mozilla.org wrote: > > One point of inter

Re: CCADB Update: New field JSON Array of Partitioned CRLs

2021-08-16 Thread 'Clint Wilson' via dev-security-policy@mozilla.org
Hi Dimitris, The Apple Root Program intends to use this field for all certificates in the future, but our focus at the moment is on non-TLS certificates, so this change aligns well for us right now. Cheers! -Clint > On Aug 4, 2021, at 12:37 AM, Dimitris Zacharopoulos wrote: > > > > On 20/7