Re: Taiwan GRCA Root Renewal Request

2018-01-26 Thread Ryan Sleevi via dev-security-policy
On Fri, Jan 12, 2018 at 2:27 PM, Wayne Thayer via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Thursday, June 1, 2017 at 5:03:15 PM UTC-7, Kathleen Wilson wrote: > > On Friday, May 26, 2017 at 9:32:57 AM UTC-7, Kathleen Wilson wrote: > > > On Wednesday, March 15, 2017

Re: Summary of Responses to the November CA Communication

2018-01-26 Thread Ryan Sleevi via dev-security-policy
I don't think that's terribly germane to the discussion here, but you can see more details at https://cabforum.org/pipermail/public/2018-January/012851.html As it relates to *this* discussion, however, is an understanding that the current set of CA/Browser Forum issues with respect to adhering to

Re: DRAFT January 2018 CA Communication

2018-01-26 Thread Wayne Thayer via dev-security-policy
Thanks Jakob. I updated the draft as described below. On Fri, Jan 26, 2018 at 10:42 AM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > > I think a number of the questions/actions need additional options: > > For ACTION 1: > > (These 3 are between the 1st and

Re: Summary of Responses to the November CA Communication

2018-01-26 Thread James Burton via dev-security-policy
You really should set up an emergency conference call with all members of the CAB Forums and talk about these issues with the chair. If you and other members feel that the answers are not satisfactory then you can vote to remove the Chair for dereliction of duty and place the sub-Chair in charge of the

Re: DRAFT January 2018 CA Communication

2018-01-26 Thread Jakob Bohm via dev-security-policy
On 26/01/2018 18:11, Wayne Thayer wrote: Based on the feedback we've received, but sticking with the original intent of this communication, I have converted it into a survey. You can find a draft at: https://wiki.mozilla.org/CA/Communications#January_2018_CA_Communication I would appreciate

Re: DRAFT January 2018 CA Communication

2018-01-26 Thread Wayne Thayer via dev-security-policy
Based on the feedback we've received, but sticking with the original intent of this communication, I have converted it into a survey. You can find a draft at: https://wiki.mozilla.org/CA/Communications#January_2018_CA_Communication I would appreciate your comments on this. I have set the

Re: Summary of Responses to the November CA Communication

2018-01-26 Thread Ryan Sleevi via dev-security-policy
On Fri, Jan 26, 2018 at 5:43 AM Gervase Markham wrote: > On 24/01/18 13:56, Ryan Sleevi wrote: > >> more frequently when requirements change. I propose that we require CAs > to > >> update their CPS to comply with version 2.5 of the Mozilla root store > >> policy no later than

Re: DRAFT January 2018 CA Communication

2018-01-26 Thread Ryan Sleevi via dev-security-policy
On Fri, Jan 26, 2018 at 5:24 AM Gervase Markham via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On 24/01/18 22:19, Jonathan Rudenberg wrote: > > While these CAs might want six months, it’s not clear that a good > > argument has been made for this. Let’s Encrypt stopped

Re: Summary of Responses to the November CA Communication

2018-01-26 Thread Gervase Markham via dev-security-policy
On 24/01/18 21:41, Wayne Thayer wrote: > First off, I question if we would really use lesser sanctions more often. I > think we would still want to coordinate their implementation with other > user agents, and that is a tedious process. I think it's important for root programs to make independent

Re: Summary of Responses to the November CA Communication

2018-01-26 Thread Gervase Markham via dev-security-policy
On 24/01/18 13:56, Ryan Sleevi wrote: >> more frequently when requirements change. I propose that we require CAs to >> update their CPS to comply with version 2.5 of the Mozilla root store >> policy no later than 15-April 2018. I think Ryan is right here; the deadline for complying with most of

Re: DRAFT January 2018 CA Communication

2018-01-26 Thread Gervase Markham via dev-security-policy
On 24/01/18 22:19, Jonathan Rudenberg wrote: > While these CAs might want six months, it’s not clear that a good > argument has been made for this. Let’s Encrypt stopped validating > using the TLS-SNI-01 method under two hours after learning that there > was a *potential* security vulnerability in