On Fri, Dec 1, 2017 at 12:34 PM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 01/12/2017 17:06, Ryan Sleevi wrote:
>
>> On Fri, Dec 1, 2017 at 10:33 AM, Jakob Bohm via dev-security-policy <
>> dev-security-policy@lists.mozilla.org> wrote:
>>
>>>
>>>
On Fri, Dec 1, 2017 at 11:20 AM, Hubert Kario wrote:
> On Friday, 1 December 2017 17:11:56 CET Ryan Sleevi wrote:
> > On Fri, Dec 1, 2017 at 10:23 AM, Hubert Kario wrote:
> > > and fine for NSS too, if that changes don't have to be implemented in
> next
> >
I've placed this discussion on hold pending:
1. Updated audit statement specifying the audit period.
2. Updated CP/CPS including CAA information, BR compliance statement, and
clearer specification of the domain validation procedures that are in use.
Wayne
>On Tuesday, November 28, 2017 at
On 01/12/2017 17:06, Ryan Sleevi wrote:
On Fri, Dec 1, 2017 at 10:33 AM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
Depending on the prevalence of non-public CAs (not listed in public
indexes) based on openssl (this would be a smallish company thing more
On Friday, 1 December 2017 17:11:56 CET Ryan Sleevi wrote:
> On Fri, Dec 1, 2017 at 10:23 AM, Hubert Kario wrote:
> > and fine for NSS too, if that changes don't have to be implemented in next
> > month or two, but have to be implemented before NSS with final TLS 1.3
> >
On Friday, 1 December 2017 16:33:10 CET Jakob Bohm via dev-security-policy
wrote:
> On 01/12/2017 16:23, Hubert Kario wrote:
> > On Friday, 1 December 2017 15:33:30 CET Ryan Sleevi wrote:
> >> On Fri, Dec 1, 2017 at 7:34 AM, Hubert Kario wrote:
> It does feel like again
On Fri, Dec 1, 2017 at 10:23 AM, Hubert Kario wrote:
>
> > - Windows and NSS both apply DER-like BER parsers and do not strictly
> > reject (Postel's principle, despite Postel-was-wrong)
>
> NSS did till very recently reject them, OpenSSL 1.0.2 still rejects them
> (probably
On Fri, Dec 1, 2017 at 10:33 AM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> Depending on the prevalence of non-public CAs (not listed in public
> indexes) based on openssl (this would be a smallish company thing more
> than a big enterprise thing), it
On 01/12/2017 16:23, Hubert Kario wrote:
On Friday, 1 December 2017 15:33:30 CET Ryan Sleevi wrote:
On Fri, Dec 1, 2017 at 7:34 AM, Hubert Kario wrote:
It does feel like again the argument is The CA/EE should say 'I won't do
X'
so that a client won't accept a signature
On Friday, 1 December 2017 15:33:30 CET Ryan Sleevi wrote:
> On Fri, Dec 1, 2017 at 7:34 AM, Hubert Kario wrote:
> > > It does feel like again the argument is The CA/EE should say 'I won't do
> >
> > X'
> >
> > > so that a client won't accept a signature if the CA does X,
On Fri, Dec 1, 2017 at 7:34 AM, Hubert Kario wrote:
> > It does feel like again the argument is The CA/EE should say 'I won't do
> X'
> > so that a client won't accept a signature if the CA does X, except it
> > doesn't change the security properties at all if the CA/EE does
While it is to the benefit of everyone that Richard Wang and other employees at WoSign/WoTrus have learned valuable lessons over the past year, it seems to me that far too much damage has been done for Mozilla
On Thursday, 30 November 2017 21:49:42 CET Ryan Sleevi wrote:
> On Thu, Nov 30, 2017 at 3:23 PM, Hubert Kario wrote:
> > On Thursday, 30 November 2017 18:46:12 CET Ryan Sleevi wrote:
> > > On Thu, Nov 30, 2017 at 12:21 PM, Hubert Kario
> >
> > wrote:
> > >
Thank you very much for this analysis and the time past on our request.
You will find below additional information following your comments
---
> “CP and terms and conditions are publicly available in a read‐only manner.
> The
On 30/11/17 14:52, Ryan Sleevi wrote:
> I think that, as CAA deployment becomes common, this pattern will be
> not-uncommon. I would hope we don't sound false alarms when it does.
After a little time (as it does seem some bugs are still being shaken
out), I am considering having Mozilla adopt a
15 matches
Mail list logo