The idea of a grading system being used to judge CAs compliance will be a total
disaster. We should instead be focusing our efforts on more transparency.
James
-Original Message-
From: dev-security-policy
[mailto:dev-security-policy-bounces+jb=0.me...@lists.mozilla.org] On Behalf Of
On 1/30/18 6:19 AM, Gervase Markham wrote:
On 30/01/18 00:48, James Burton wrote:
I was doing research on the ccadb.org site and was surprised to find that
the site is running only in HTTP and is not using HTTPS. Now, I understand
that GitHub pages don't support HTTPS for custom domains but you
Alex,
Most CAs probably wouldn’t aim for an A. I don’t think doing this would be a
game changer.
However there are some CAs that would. And I think that would be a positive
thing, and lead to more innovation in best practices that could become
mandatory for everyone over time.
And
Hi Wyane,
resopnding to your notes:
Section 4.9 states that in any case that Comsign is notified about a
misissuance (no matter if it was notified by a subscriber or in any other way)
Comsign shall revoke the certificate.
It is true that we didn’t update the version number and we have
That’s pretty much exactly not what I said.
From: Ryan Sleevi [mailto:r...@sleevi.com]
Sent: Tuesday, February 6, 2018 10:38 PM
To: Tim Hollebeek
Cc: Paul Kehrer ;
mozilla-dev-security-pol...@lists.mozilla.org; r...@sleevi.com
Subject:
5 matches
Mail list logo