In the discussion of how to handle certain certificates that no longer meet
CA/Browser Forum baseline requirements, Wayne asked for the "Reason that
publicly-trusted certificates are in use" by the customers. This seems to
imply that Mozilla has an opinion that the default should not be to use
On Wed, Dec 26, 2018 at 04:13:40PM +, Jeremy Rowley via dev-security-policy
wrote:
> The trust stores are always free to ignore the CAB Forum mandates and make
> their own rules. Mozilla has in the past (see the Mozilla audit
> criteria).
Whilst the trust stores *can* make their own rules,
On Wed, Dec 26, 2018 at 06:02:57PM +, Jeremy Rowley via dev-security-policy
wrote:
> Much better to treat this question as “We know X is going to happen.
> What’s the best way to mitigate the concerns of the community?” Exception
> was the wrong word in my original post. I should have used
On Wed, Dec 26, 2018 at 1:03 PM Jeremy Rowley
wrote:
> I don’t think I’m arguing that CAs should ever ignore the BRs. I’m arguing
> that deciding the consequences of failing to follow the BRs falls in the
> hands of the browsers. But I think you definitely highlighted why this
> discussion is
I don’t think I’m arguing that CAs should ever ignore the BRs. I’m arguing that
deciding the consequences of failing to follow the BRs falls in the hands of
the browsers. But I think you definitely highlighted why this discussion is
confusing. I think all agree on the following:
1.
On Wed, Dec 26, 2018 at 11:13 AM Jeremy Rowley via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Hey Matt,
>
> The trust stores are always free to ignore the CAB Forum mandates and make
> their own rules. Mozilla has in the past (see the Mozilla audit criteria
> exception
Hey Matt,
The trust stores are always free to ignore the CAB Forum mandates and make
their own rules. Mozilla has in the past (see the Mozilla audit criteria
exception for other audits outside of Webtrust and ETSI). The root stores are
also the entities that determine what happens if the
7 matches
Mail list logo