On 09/05/17 18:25, Doug Beattie wrote:
> I'm not clear on what you mean by CAs must use only the 10 Blessed Methods by
> 21st July 2017.
>
> I'm assuming this is the latest official draft:
>
> https://github.com/mozilla/pkipolicy/blob/master/rootstore/policy.md
Yes :-)
> Specifically, does t
On 08/05/17 13:24, Gervase Markham wrote:
> 8) Please explain how the Management Assertions for your December 2014
Strike this question; it's based on a misunderstanding of how audits are
done.
Let's add:
10) Do you agree that, during the period of time that Symantec
cross-signed the Federal PK
Hello Rick,
This weekend you asked "customers and the browser community to pause on
decisions related to this matter until final proposals are posted and
accepted."
More than 48 hours ago I asked if you could provide someone sort of
estimate on when this proposal would be ready to be shared with
On 09/05/17 16:51, Gervase Markham wrote:
> * Editing the proposal to withdraw the "alternative" option, leaving
> only the "new PKI" option.
This has now been done:
https://docs.google.com/document/d/1RhDcwbMeqgE2Cb5e6xaPq-lUPmatQZwx3Sn2NPz9jF8/edit#
> * Engagement here in m.d.s.p. with the co
In this context, I was wondering: Has there been a discussion yet on Firefox
enforcing cert lifetime in code not just via policy?
Most everything seems to be in place already due to EV, but DV doesn't have a
limit atm. [0]
Now in practice, thanks to killing sha1, most of those legacy certs are
The next step, if Symantec wish to continue to use their current PKI in the
future, should be logging (ASAP) *all* of the certificates they issued to a CT
log, then we'll know how deep is the rabbit hole.
___
dev-security-policy mailing list
dev-securit
On Wednesday, 10 May 2017 17:52:40 UTC+2, Gervase Markham wrote:
> On 09/05/17 16:51, Gervase Markham wrote:
> > * Editing the proposal to withdraw the "alternative" option, leaving
> > only the "new PKI" option.
>
> This has now been done:
>
> https://docs.google.com/document/d/1RhDcwbMeqgE2Cb
On Wednesday, May 10, 2017 at 7:59:37 PM UTC+2, Itzhak Daniel wrote:
> The next step, if Symantec wish to continue to use their current PKI in the
> future, should be logging (ASAP) *all* of the certificates they issued to a
> CT log, then we'll know how deep is the rabbit hole.
already the case
On Tue, May 09, 2017 at 07:03:16PM +0200, Kurt Roeckx via dev-security-policy
wrote:
>
> Instead of the removal of the roots, I suggest we either ask them
> to revoke all the intermediate CAs that do not have the required
> audits or that Mozilla adds them to OneCRL.
Just to clarify, I believe t
On Wed, May 10, 2017 at 2:06 PM, mono.riot--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Wednesday, May 10, 2017 at 7:59:37 PM UTC+2, Itzhak Daniel wrote:
> > The next step, if Symantec wish to continue to use their current PKI in
> the future, should be logging (
10 matches
Mail list logo
