RE: What does "No Stipulation" mean, and when is it OK to use it in CP/CPS?

2018-10-19 Thread Tim Hollebeek via dev-security-policy
I think blank sections should be disallowed. The entire purpose of "No stipulation" is to make it clear that the omission of content was intentional. With regards to some of these sections being useful, I agree that a good CPS contains more than the minimum content required from the BRs. I per

Re: Identrust Commercial Root CA 1 EV Request

2018-10-19 Thread Wayne Thayer via dev-security-policy
I've filed a bug to track this misissuance and subsequent failure to report: https://bugzilla.mozilla.org/show_bug.cgi?id=1500593 On Fri, Oct 19, 2018 at 6:22 AM identrust--- via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Wednesday, October 17, 2018 at 9:08:41 PM UTC

Re: What does "No Stipulation" mean, and when is it OK to use it in CP/CPS?

2018-10-19 Thread Joanna Fox via dev-security-policy
On Thursday, October 18, 2018 at 5:47:14 PM UTC-7, Jakob Bohm wrote: > On 15/10/2018 20:01, Kathleen Wilson wrote: > > I have added the following section to the Required Practices wiki page: > > > > https://wiki.mozilla.org/CA/Required_or_Recommended_Practices#BR_Commitment_to_Comply_statement_in_

Re: Violation report - Comodo CA certificates revocation delays

2018-10-19 Thread Rob Stradling via dev-security-policy
On 19/10/2018 10:42, Ben Laurie wrote: > On Fri, 19 Oct 2018 at 10:38, Rob Stradling wrote: FWIW, we (Comodo CA) do maintain an archive of all the CRLs we've ever signed.>>> Put it in Trillian? :-) That had occurred to me.  ;-) Would it be useful? To be properly useful you would need

Re: Violation report - Comodo CA certificates revocation delays

2018-10-19 Thread Ben Laurie via dev-security-policy
On Fri, 19 Oct 2018 at 10:38, Rob Stradling wrote: > On 18/10/2018 22:55, Ben Laurie wrote: > > On Fri, 12 Oct 2018 at 19:01, Rob Stradling wrote: > > > > On 12/10/18 16:40, Ryan Sleevi via dev-security-policy wrote: > > > On Fri, Oct 12, 2018 at 8:33 AM Ben Laurie >

Re: Violation report - Comodo CA certificates revocation delays

2018-10-19 Thread Rob Stradling via dev-security-policy
On 18/10/2018 22:55, Ben Laurie wrote: On Fri, 12 Oct 2018 at 19:01, Rob Stradling wrote: On 12/10/18 16:40, Ryan Sleevi via dev-security-policy wrote: > On Fri, Oct 12, 2018 at 8:33 AM Ben Laurie mailto:b...@google.com>> wrote: >> This is one of the reasons we also need revoc