Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

2018-06-25 Thread Pedro Fuentes via dev-security-policy
I hope you realize that these discussions were happening well after we started the inclusion request in Bugzilla, and I can't even see how what we did wasn't compliant with BR 8.1, even with the current wording. Nevertheless, can we at least agree that our plan to advance the start of the

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

2018-06-25 Thread Wayne Thayer via dev-security-policy
On Mon, Jun 25, 2018 at 2:45 PM Ryan Sleevi via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Mon, Jun 25, 2018 at 5:12 PM, Pedro Fuentes via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > 7. In my humble opinion, I think that these

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

2018-06-25 Thread Ryan Sleevi via dev-security-policy
On Mon, Jun 25, 2018 at 5:12 PM, Pedro Fuentes via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Hi Ryan, > thanks for your time reviewing this. I really appreciate your comments. > > As I have this week the auditors in the office, I prefer to check with > them before

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

2018-06-25 Thread Pedro Fuentes via dev-security-policy
Hi Ryan, thanks for your time reviewing this. I really appreciate your comments. As I have this week the auditors in the office, I prefer to check with them before issuing a more formal answer, because you're expressing concerns related to the audit practices that I'm not qualified enough to

Re: Certificates with improperly normalized IDNs

2018-06-25 Thread Peter Saint-Andre via dev-security-policy
On 6/25/18 1:35 PM, swchang10--- via dev-security-policy wrote: > On Friday, August 11, 2017 at 6:54:22 AM UTC-7, Peter Bowen wrote: >> On Thu, Aug 10, 2017 at 1:22 PM, Jonathan Rudenberg via >> dev-security-policy wrote: >>> RFC 5280 section 7.2 and the associated IDNA RFC requires that >>>

Re: Certificates with improperly normalized IDNs

2018-06-25 Thread swchang10--- via dev-security-policy
On Friday, August 11, 2017 at 6:54:22 AM UTC-7, Peter Bowen wrote: > On Thu, Aug 10, 2017 at 1:22 PM, Jonathan Rudenberg via > dev-security-policy wrote: > > RFC 5280 section 7.2 and the associated IDNA RFC requires that > > Internationalized Domain Names are normalized before encoding to

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

2018-06-25 Thread Ryan Sleevi via dev-security-policy
Hi Pedro, I followed-up with folks to better understand the circumstances of your audits and the existing practicioner guidance. From these conversations, my understanding is that WebTrust is working to provide better practicioner clarity around these scenarios. To recap, the particular scenario