Re: Policy 2.5 Proposal: Require all CAs to have appropriate network security

Fair enough. This is absolutely the sort of stuff that needs to be part of regular auditing. I was wondering what sort of checking or enforcement you had in mind by including it in the Mozilla policy now? Perhaps

Re: DRAFT: Notice to CAs about CCADB changes May 19-21

I've been receiving questions about this update, so hopefully the following will clarify... CAs now login to the CCADB at this URL: https://ccadb.force.com There is no login required to view the public-facing reports and the responses to the CA Communications. The links to those have been upda

Re: Google Plan for Symantec posted

On Mon, May 22, 2017 at 9:33 AM, Gervase Markham via dev-security-policy wrote: > On 19/05/17 21:04, Kathleen Wilson wrote: >> - What validity periods should be allowed for SSL certs being issued >> in the old PKI (until the new PKI is ready)? > > Symantec is required only to be issuing in the new

Re: Policy 2.5 Proposal: Require all CAs to have appropriate network security

On 24/05/17 15:31, Peter Kurrasch wrote: > It might be fair to characterize my position as "vague but > comprehensive"...if that's even possible? There are some standard-ish > frameworks that could be adopted: I think we would prefer to wait for the CAB Forum to adopt something rather than attempt

Re: Policy 2.5 Proposal: Require all CAs to have appropriate network security

It might be fair to characterize my position as "vague but comprehensive"...if that's even possible? There are some standard-ish frameworks that could be adopted:- NIST has an existing framework that is currently