Re: Policy 2.4 Proposal: Codify requirements relating to Common CA Database into the policy

2017-01-25 Thread Gervase Markham
On 25/01/17 18:38, Ryan Sleevi wrote: > I'm a little wary of introducing #1 until you know what #2 contains, > because to introduce #1, you want to have some way of building > consensus/agreement with different consumers, and that remains unspecified. > Further, because of the existence of #2, it

Re: Appropriate role for lists of algorithms and key sizes

2017-01-25 Thread Ryan Sleevi
On Wed, Jan 25, 2017 at 3:21 AM, Gervase Markham wrote: > On 24/01/17 17:12, Ryan Sleevi wrote: > > This means, as a practical matter, I strongly agree with Brian Smith's > > suggestion of having an explicit, enumerated list of algorithms (and > > parameters) in the Mozilla

Suspicious test.com Cert Issued By GlobalSign

2017-01-25 Thread Andrew Ayer
I found another certificate for www.test.com that I believe was mis-issued by GlobalSign: https://crt.sh/?sha256=9d503e7c6c4fb6e6d7436c07ff445b95214871ea13ac1cb3b0d7abbce9be6cfb This certificate was issued on 2015-09-11 and is not yet expired. I was not paying close attention to

Re: Question about Baseline Requirements section #7.1.4.2

2017-01-25 Thread Dimitris Zacharopoulos
On 25/1/2017 1:40 μμ, Dimitris Zacharopoulos wrote: On 25/1/2017 1:25 μμ, Gervase Markham wrote: On 24/01/17 06:50, Dimitris Zacharopoulos wrote: The CA/B Forum Policy Review WG made some effort to clarify this by merging

Re: Question about Baseline Requirements section #7.1.4.2

2017-01-25 Thread Dimitris Zacharopoulos
On 25/1/2017 1:25 μμ, Gervase Markham wrote: On 24/01/17 06:50, Dimitris Zacharopoulos wrote: The CA/B Forum Policy Review WG made some effort to clarify this by merging information between these sections, but there was not

Re: Policy 2.4 Proposal: Require full CP/CPS in English

2017-01-25 Thread Gervase Markham
On 25/01/17 07:25, Jakob Bohm wrote: > Tiny nit: What if the original language of the CP/CPS is English. Then > there can't be a "translation" etc. I meant to cover that using the phrasing "must provide English versions", but you are right that I later go on to assume they are translations.

Re: Policy 2.4 Proposal: Require full CP/CPS in English

2017-01-25 Thread Gervase Markham
On 25/01/17 05:15, Matt Palmer wrote: > Is that referring to a dispute between Mozilla (or "a trust store operator", > if you prefer) and the CA, or between a relying party and the CA? I simply mean that the CA has to attest to us that the two are effectively the same. So in any discussion with

Re: Question about Baseline Requirements section #7.1.4.2

2017-01-25 Thread Gervase Markham
On 24/01/17 06:50, Dimitris Zacharopoulos wrote: > The CA/B Forum Policy Review WG made some effort to clarify this by merging information between these sections, but there > was not enough support to proceed. Dean's summary

Re: Appropriate role for lists of algorithms and key sizes

2017-01-25 Thread Gervase Markham
On 24/01/17 17:12, Ryan Sleevi wrote: > This means, as a practical matter, I strongly agree with Brian Smith's > suggestion of having an explicit, enumerated list of algorithms (and > parameters) in the Mozilla policy, with the caveat/expectation that Mozilla > policy will be able to be updated in

Re: I found some SHA-1 certificates issued by Symantec

2017-01-25 Thread Gervase Markham
On 24/01/17 15:48, Gervase Markham wrote: > That's because it chains up to the following two roots: > > 1) OU=Class 3 Public Primary Certification Authority > https://crt.sh/?caid=25 This root had its SSL bits disabled around June 2014: https://bugzilla.mozilla.org/show_bug.cgi?id=986005

Re: Policy 2.4 Proposal: Require full CP/CPS in English

2017-01-25 Thread Jakob Bohm
On 25/01/2017 09:40, okaphone.elektron...@gmail.com wrote: On Wednesday, 25 January 2017 08:25:41 UTC+1, Jakob Bohm wrote: Tiny nit: What if the original language of the CP/CPS is English. Then there can't be a "translation" etc. Mmmm... indeed. It actually says "The English version is not