>Back in 2015, there were some GlobalSign testing in which users thought it was
>acceptable to use domains like test.com and example.com for testing purposes.
>Since this time, GlobalSign has implemented procedures to avoid any similar
>situations in the future.
Does it mean that
>Back in 2015, there were some GlobalSign testing in which users thought it was
>acceptable to use domains like test.com and example.com for testing purposes.
>Since this time, GlobalSign has implemented procedures to avoid any similar
>situations in the future.
Does it mean that
On Wednesday, March 15, 2017 at 9:56:25 AM UTC-7, Kathleen Wilson wrote:
> Thanks to those of you who have reviewed and commented on this request from
> the Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM), to include
> the "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" root
On 16/03/17 11:25, douglas.beat...@gmail.com wrote:
> For the record, we don't think it's necessary (or permissible) to
> give employees (RAs) the power to add arbitrary domains to accounts
> without proper vetting.
I guess I'm still not being clear - sorry :-( Let me try one more time:
Why does
We have DTP and RA roles slated as part of the validation WG discussion, but
only as they relate to validation.
-Original Message-
From: dev-security-policy
[mailto:dev-security-policy-bounces+jeremy.rowley=digicert.com@lists.mozilla
.org] On Behalf Of Ryan Sleevi via dev-security-policy
On Thu, Mar 16, 2017 at 6:01 AM, Gervase Markham via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 09/03/17 13:32, Ryan Sleevi wrote:
> > (Wearing Google hat only for this statement)
> > Have you considered having this discussion in the CA/Browser Forum?
> Google
> >
On Thursday, March 16, 2017 at 6:59:41 AM UTC-4, Gervase Markham wrote:
> Hi Doug,
>
> On 03/03/17 11:17, Gervase Markham wrote:
> > That's lovely, but it doesn't answer my question. Let me restate it: why
> > does GlobalSign believe it is necessary to give employees the power to
> > add
Hi Blake,
On 02/03/17 16:26, blake.mor...@trustis.com wrote:
> We have engaged with our external auditors in relation to this and the
> previous certificate that was reported. Once that activity has concluded we
> will be providing further information.
Do you have an ETA for this incident
Hi Doug,
On 03/03/17 11:17, Gervase Markham wrote:
> That's lovely, but it doesn't answer my question. Let me restate it: why
> does GlobalSign believe it is necessary to give employees the power to
> add arbitrary domains to accounts without going through ownership
> validation?
You are getting
On 28/02/17 20:02, douglas.beat...@gmail.com wrote:
> And lastly this ticket. The Domain name was validated in accordance
> with the BRs, but there was a bug that allowed a user entered space
> to be included in some of the SAN values. While the value is not
> compliant with RFC 5280 or the BRs,
On 03/03/17 20:59, douglas.beat...@gmail.com wrote:
> In general, when we receive new orders and issue certificates, the
> vetting is done just prior to issuance time which permits the
> certificate to be replaced up until expiration. We're looking into
> cases where new "orders" may have used
On 16/03/17 10:50, Gervase Markham wrote:
> https://wiki.mozilla.org/CA:RootTransferPolicy#Change_in_Legal_Ownership
With these changes and the filing of
https://bugzilla.mozilla.org/show_bug.cgi?id=1347882 , I consider this
particular discussion RESOLVED. This means Mozilla plans to take no
On 08/03/17 16:20, Gervase Markham wrote:
> On 09/02/17 22:55, Peter Bowen wrote:
>> Policy Suggestion A) When transferring a root that is EV enabled, it
>> should be clearly stated whether the recipient of the root is also
>> receiving the EV policy OID(s).
>
> I agree with this suggestion; we
On 07/03/17 10:18, Gervase Markham wrote:
> OK. Question for group: would it make sense to add the intermediate(s)
> that GlobalSign is using for this purpose directly to the Mozilla trust
> store, with the EV bit enabled, and then remove the EV bit from the
> roots now owned by Google Trust
On 13/03/17 21:31, Jeremy Rowley wrote:
> [JR] If you recall, I did try to change the policy. I was told to
> change the RFC if I didn’t like the requirement. I find trying to
> change the RFC nearly impossible as PKIX is dead and there are too
> many other issues people would also like to
On 08/03/17 15:06, Peter Bowen wrote:
> By eliminating the DTP option, you will massively raise costs for CAs
> that rely upon local translators and information gatherers. I think a
> much better proposal would be to require the CA perform the RA
> activity contemplated by BR 3.2.2.4 and 3.2.2.5
On 09/03/17 13:32, Ryan Sleevi wrote:
> (Wearing Google hat only for this statement)
> Have you considered having this discussion in the CA/Browser Forum? Google
> had planned to discuss this very topic at our upcoming F2F about how to
> address this, and would be very interested in collaborating
17 matches
Mail list logo
