Re: Need remove OISTE WISeKey Global Root GA CA?

2018-02-25 Thread pfuentes69--- via dev-security-policy
Dear Andrey, In the future GB will replace GA, and GC is ECC. This replacement means that new SubCAs will be under GB, but GA must stay alive as long as there are active CAs under it, which will be still some years from now. Best, Pedro ___

Re: Need remove OISTE WISeKey Global Root GA CA?

2018-02-25 Thread westmail24--- via dev-security-policy
Pedro, The link in the first post says that the root OISTE WISeKey Global Root GB CA will replace OISTE WISeKey GA CA after adding "GB CA" in Mozilla Root Store. Now the third root "GC CA" is under consideration... I'm sorry if I misunderstood something. Andrew

Re: Need remove OISTE WISeKey Global Root GA CA?

2018-02-25 Thread pfuentes69--- via dev-security-policy
Sorry, obviously I meant "we can't control..." It seems that the address I used yesterday to answer is not enabled in this list. What I said yesterday was to state the following: 1. The contact information for WISeKey certification services is the specified in our CPS and in the CCADB. The

Re: Google OCSP service down

2018-02-25 Thread Ryan Hurst via dev-security-policy
Tim, I can see value in a ballot on how to clarify incident reporting and other contact related issues, right now 1.5.2 is pretty sparse in regards to how to handle this. I would be happy to work with you on a proposal here. Ryan On Sun, Feb 25, 2018 at 6:41 AM, Tim Hollebeek

Re: Need remove OISTE WISeKey Global Root GA CA?

2018-02-25 Thread pfuentes69--- via dev-security-policy
I sent yesterday an answer to this in behalf of Wisekey but it’s not been published. We can control if all customers configure properly their servers. The only one I found (https://mail.egov.sc/OWA) seems to be OK. ___ dev-security-policy mailing

Re: Need remove OISTE WISeKey Global Root GA CA?

2018-02-25 Thread Wayne Thayer via dev-security-policy
The test site for the root referenced in bug 1172819 is working fine in Firefox: https://gbvalidssl.hightrusted.com/ I am not able to locate any gov.sc websites properly configured for HTTPS to test. - Wayne On Sat, Feb 24, 2018 at 3:45 AM, westmail24--- via dev-security-policy <

RE: Google OCSP service down

2018-02-25 Thread Tim Hollebeek via dev-security-policy
Ryan, Wayne and I have been discussing making various improvements to 1.5.2 mandatory for all CAs. I've made a few improvements to DigiCert's CPSs in this area, but things probably still could be better. There will probably be a CA/B ballot in this area soon. DigiCert's 1.5.2 has our support