Re: Submission to ct-logs of the final certificate when there is already a pre-certificate

2018-04-03 Thread Matt Palmer via dev-security-policy
On Tue, Apr 03, 2018 at 01:49:58AM +0200, Jakob Bohm via dev-security-policy wrote: > On 02/04/2018 18:26, Tom Delmas wrote: > > Following the discussion on > > https://community.letsencrypt.org/t/non-logging-of-final-certificates/58394 > > > > What is the position of Mozilla about the

Re: 825 days success and future progress!

2018-04-03 Thread Matt Palmer via dev-security-policy
On Tue, Apr 03, 2018 at 03:16:53AM +0200, Jakob Bohm via dev-security-policy wrote: > On 03/04/2018 02:35, Kurt Roeckx wrote: > > On Tue, Apr 03, 2018 at 02:11:07AM +0200, Jakob Bohm via > > dev-security-policy wrote: > > > seems > > > to be mostly justified as a poor workaround for the browsers

Re: AC Camerfirma Chambers of Commerce and Global Chambersign 2016 Root Inclusion Request

2018-04-03 Thread Matt Palmer via dev-security-policy
On Tue, Apr 03, 2018 at 05:19:32AM -0700, ramirommunoz--- via dev-security-policy wrote: > Completely agree with you about that a new root by itself do not solve the > problem. The phrase you're looking for is "necessary but not sufficient". That is, it is necessary to create new roots to

Re: AC Camerfirma Chambers of Commerce and Global Chambersign 2016 Root Inclusion Request

2018-04-03 Thread okaphone.elektronika--- via dev-security-policy
On Tuesday, 3 April 2018 14:19:43 UTC+2, ramiro...@gmail.com wrote: > El martes, 3 de abril de 2018, 11:58:49 (UTC+2), okaphone.e...@gmail.com > escribió: > > On Monday, 2 April 2018 19:22:02 UTC+2, ramiro...@gmail.com wrote: > > > El lunes, 2 de abril de 2018, 3:53:08 (UTC+2), Tom Prince

Re: FW: Complying with Mozilla policy on email validation

2018-04-03 Thread Wayne Thayer via dev-security-policy
On Tue, Apr 3, 2018 at 11:42 AM, Matthew Hardeman via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Tue, Apr 3, 2018 at 12:19 PM, Ryan Hurst via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > > > > > For example, if we consider a CA

Re: FW: Complying with Mozilla policy on email validation

2018-04-03 Thread Wayne Thayer via dev-security-policy
On Tue, Apr 3, 2018 at 10:19 AM, Ryan Hurst via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Reading this thread and thinking the current text, based on the > interpretation discussed, does not accommodate a few cases that I think are > useful. > > For example, if we

Re: FW: Complying with Mozilla policy on email validation

2018-04-03 Thread Matthew Hardeman via dev-security-policy
On Tue, Apr 3, 2018 at 12:19 PM, Ryan Hurst via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > > > For example, if we consider a CA supporting a large mail provider in > providing S/MIME certificates to all of its customers. In this model, the > mail provider is the

Re: FW: Complying with Mozilla policy on email validation

2018-04-03 Thread Ryan Hurst via dev-security-policy
On Monday, April 2, 2018 at 1:10:13 PM UTC-7, Wayne Thayer wrote: > I'm forwarding this for Tim because the list rejected it as SPAM. > > > > *From:* Tim Hollebeek > *Sent:* Monday, April 2, 2018 2:22 PM > *To:* 'mozilla-dev-security-policy' lists.mozilla.org> >

Re: Audits for new subCAs

2018-04-03 Thread Jakob Bohm via dev-security-policy
On 03/04/2018 14:57, Ryan Sleevi wrote: On Mon, Apr 2, 2018 at 9:03 PM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: On 03/04/2018 02:15, Wayne Thayer wrote: On Mon, Apr 2, 2018 at 4:36 PM, Jakob Bohm via dev-security-policy <

Re: Policy 2.6 Proposal: Require audits back to first issuance

2018-04-03 Thread tom.prince--- via dev-security-policy
On Monday, April 2, 2018 at 7:12:19 PM UTC-6, Wayne Thayer wrote: > In section 2.3 (Baseline Requirements Conformance), add a new bullet that > states "Before being included, CAs MUST provide evidence that their root > certificates have continually, from the time of creation, complied with the >

Re: AC Camerfirma Chambers of Commerce and Global Chambersign 2016 Root Inclusion Request

2018-04-03 Thread Ryan Sleevi via dev-security-policy
On Tue, Apr 3, 2018 at 8:19 AM, ramirommunoz--- via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > El martes, 3 de abril de 2018, 11:58:49 (UTC+2), okaphone.e...@gmail.com > escribió: > > On Monday, 2 April 2018 19:22:02 UTC+2, ramiro...@gmail.com wrote: > > > El lunes, 2

Re: Audits for new subCAs

2018-04-03 Thread Ryan Sleevi via dev-security-policy
On Mon, Apr 2, 2018 at 9:03 PM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On 03/04/2018 02:15, Wayne Thayer wrote: > >> On Mon, Apr 2, 2018 at 4:36 PM, Jakob Bohm via dev-security-policy < >> dev-security-policy@lists.mozilla.org> wrote: >> >> >>> While

Re: AC Camerfirma Chambers of Commerce and Global Chambersign 2016 Root Inclusion Request

2018-04-03 Thread ramirommunoz--- via dev-security-policy
El martes, 3 de abril de 2018, 11:58:49 (UTC+2), okaphone.e...@gmail.com escribió: > On Monday, 2 April 2018 19:22:02 UTC+2, ramiro...@gmail.com wrote: > > El lunes, 2 de abril de 2018, 3:53:08 (UTC+2), Tom Prince escribió: > > > On Sunday, April 1, 2018 at 4:16:47 AM UTC-6,

Re: AC Camerfirma Chambers of Commerce and Global Chambersign 2016 Root Inclusion Request

2018-04-03 Thread okaphone.elektronika--- via dev-security-policy
On Monday, 2 April 2018 19:22:02 UTC+2, ramiro...@gmail.com wrote: > El lunes, 2 de abril de 2018, 3:53:08 (UTC+2), Tom Prince escribió: > > On Sunday, April 1, 2018 at 4:16:47 AM UTC-6, ramiro...@gmail.com wrote: > > > I fully understand the proposed solution about 2018 roots but as I > > >