>
> In this larger light, it would also seem that StartCom, having misissued a
number of certificates already under their new hierarchy, which present a
risk to Mozilla users (revocation is neither an excuse nor a mitigation for
misissuance), should be required to take corrective steps and
On Friday, 4 August 2017 03:16:45 UTC+2, Matt Palmer wrote:
> On Thu, Aug 03, 2017 at 01:43:08PM -0700, Kathleen Wilson via
> dev-security-policy wrote:
> > However, I think it is fine for Certinomis to cross-sign with new StartCom
> > subCA certs, as long as Certinomis ensures that Mozilla's
The Common CCADB Policy states:
> CAs must provide English versions of any Certificate Policy, Certification
> Practice Statement and Audit documents which are not originally in English,
> with version numbers matching the document they are a translation of.
The page at
On Friday, August 4, 2017 at 12:27:13 AM UTC, Kathleen Wilson wrote:
> Along this line of discussion, I have not felt comfortable with StartCom's
> current root inclusion request (bug #1381406), because Hanno raised a concern
> about the private key used by the new root is also used by two
On Thursday, August 3, 2017 at 3:55:34 PM UTC-7, Kathleen Wilson wrote:
> On Monday, July 10, 2017 at 12:47:31 PM UTC-7, Kathleen Wilson wrote:
> > I also think we should remove the old WoSign root certs from NSS.
> >
> > Reference:
> > https://wiki.mozilla.org/CA/Additional_Trust_Changes#WoSign
5 matches
Mail list logo