For us at Siemens PKI this wording would work, because we establish a first
channel for email encryption to every employee when he receives his corporate
smart card / ID card. But I still think the community should have a broad
discussion what is acceptable behavior for transmitting S/MIME P12s
Here's the summary of the audit reminder email that was sent last
Tuesday, while I was on Spring Break.
Kathleen
Forwarded Message
Subject:Summary of April 2018 Audit Reminder Emails
Date: Tue, 17 Apr 2018 19:00:32 + (GMT)
From: Mozilla CA Program Manager
To: kwil
On Sun, Apr 15, 2018 at 6:47 PM, Ryan Sleevi wrote:
>
> On Sun, Apr 15, 2018 at 9:13 AM Henri Sivonen via dev-security-policy
> wrote:
>>
>> (Mozilla hat off.)
>>
>> After reading about the California versus Delaware thing when it comes
>> to the certificate for stripe.com, out of curiosity, I to
On Mon, Apr 23, 2018 at 1:11 PM, Henri Sivonen via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> First, it seems to me that the Baseline Requirements allow
> transformations of the organization's name only if the CA documents
> such transformations. I am unable to find such
Section 9.2.1 of the EVGLs is stricter, only permitting abbreviations. If
this were an EV cert I would argue that it was misissued.
On Mon, Apr 23, 2018 at 12:13 PM, Ryan Sleevi via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Mon, Apr 23, 2018 at 1:11 PM, Henri Sivone
On Sun, Apr 22, 2018 at 2:56 PM, pfuentes69--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> I think you should consider an an exception Issuing CAs including Name
> Constraints. This would keep allowing root signing services for corporate
> CAs without forcing multiple
To close out discussion on this issue, I've updated the change by removing
the requirement to list each subCA certificate in the CPS:
https://github.com/mozilla/pkipolicy/commit/1bdcd53baf2e8b9006a5e13923ce3d66eeff927e
- Wayne
On Mon, Apr 16, 2018 at 4:51 PM, Wayne Thayer wrote:
> On Wed, Apr
Hearing no objections, I have made the proposed clarification in the
version 2.6 branch:
https://github.com/mozilla/pkipolicy/commit/def9c711163e0cae6a19866fb551e915e3bcef12
- Wayne
On Tue, Apr 17, 2018 at 11:20 AM, Wayne Thayer wrote:
> Section 5.3 of Mozilla policy states:
>
> All certificates
I'm re-sending this with the subject tagged as a 'policy 2.6 proposal' in
case anyone missed it the first time.
I am leaning toward option 2 as the best solution. The scope of section 8
could be updated to state the following:
CAs SHOULD NOT assume that trust is transferable. All CAs whose
certif
A reasonable control can include contractual controls, thus 6.6 is solved
simply via contract with the CA. Section 8.7 does give some control (and I
missed that when going through this the first time), but the audit criteria is
only that the CA reviews a 3% sample. As long as I documented that I
10 matches
Mail list logo
