Re: AC Camerfirma Chambers of Commerce and Global Chambersign 2016 Root Inclusion Request

2018-03-27 Thread Adrian R. via dev-security-policy
Hello can you please sign the PDF files on that site? the very first page of CPS_eidas_EN_v_1_2_3.pdf says "Document valid only in digital format digitally signed by the Policy Authority" but the PDF that i was offered to download is not signed and was delivered via a plain http link, are those

Re: AC Camerfirma misissued certificates automated analysis results

2018-03-27 Thread Wayne Thayer via dev-security-policy
Thank you for sharing this information. On Mon, Mar 26, 2018 at 9:24 AM, juanangel.martingomez--- via dev-security-policy wrote: > > > We've done an automated analysis on 2018-03-13 of TSL/SSL certificates > that have been issued by our CAs: > - Camerfirma

Re: AC Camerfirma Chambers of Commerce and Global Chambersign 2016 Root Inclusion Request

2018-03-27 Thread Wayne Thayer via dev-security-policy
Hi Ramiro, On Fri, Mar 23, 2018 at 11:52 AM, ramirommunoz--- via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Hi Ryan > > Thanks again for your remarks. > In the end I am going to learn something of PKI :-). > Surely I do not get a full understanding of you solution, but

Re: Policy 2.6 Proposal: Remove obsolete ETSI audit requirements

2018-03-27 Thread Wayne Thayer via dev-security-policy
There has been a lot of confusion about the transition to the new standards, and I believe that this change makes it clearer that Mozilla no longer accepts audits based on the older ETSI standards. On Tue, Mar 27, 2018 at 4:28 AM, Julian Inza via dev-security-policy <

Re: Policy 2.6 Proposal: Remove obsolete ETSI audit requirements

2018-03-27 Thread Ryan Sleevi via dev-security-policy
I support this change. Previously accepted audits are covered by previously accepted policies, so there's no issue since there should be no new audits going forward using these criteria, much in the same way all new, valid WebTrust audits are using the new criteria. On Mon, Mar 26, 2018 at 4:41

Re: Policy 2.6 Proposal: Remove obsolete ETSI audit requirements

2018-03-27 Thread Julian Inza via dev-security-policy
European Conformity Assessment Bodies are nowadays issuing Audit Certificates aligned with EN 319 401, EN 319-411-1 and EN 319 411-2 standards. There is no need to explicitly deny validity to previous standars, because as Jakob states, they can reflect the chain of audits. In fact, TS 102 042

Re: Policy 2.6 Proposal: Remove obsolete ETSI audit requirements

2018-03-27 Thread Jakob Bohm via dev-security-policy
On 26/03/2018 22:41, Wayne Thayer wrote: Mozilla policy section 3.1.2.2 states: ETSI TS 102 042 and TS 101 456 audits are only acceptable for audit periods ending in July 2017 or earlier. Now that we are past this deadline, I propose that we remove all references to ETSI TS 102 042 and 101