Re: DigiCert .onion certificates without Tor Service Descriptor Hash extension

Jeremy filed the following incident report at https://bugzilla.mozilla.org/show_bug.cgi?id=1447192 : 1. How your CA first became aware of the problem (e.g. via a problem report submitted to your Problem Reporting Mechanism, via a discussion in mozilla.dev.security.policy, or via a Bugzilla bug),

Re: Policy 2.6 Proposal: Move Compliance Date into policy

On 21/03/2018 10:43, Ryan Sleevi wrote: On Tue, Mar 20, 2018 at 8:27 PM, Wayne Thayer via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: I think it's reasonable - especially in light of the discussion being had regarding 2.6 and 3.2.2.4/3.2.2.5 - that when there are

Re: Policy 2.6 Proposal: Move Compliance Date into policy

On Wed, Mar 21, 2018 at 2:43 AM, Ryan Sleevi wrote: > > > On Tue, Mar 20, 2018 at 8:27 PM, Wayne Thayer via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: >> >> >> > I am specifically thinking of CP/CPS updates, which were a major part of >> the problem

Re: Policy 2.6 Proposal: Move Compliance Date into policy

On Tue, Mar 20, 2018 at 8:27 PM, Wayne Thayer via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > > > I think it's reasonable - especially in light of the discussion being had > > regarding 2.6 and 3.2.2.4/3.2.2.5 - that when there are restrictions on > > the technical