Re: Yet more undisclosed intermediates

2019-01-02 Thread Wayne Thayer via dev-security-policy
On Wed, Jan 2, 2019 at 11:32 AM Jakob Bohm via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > On 02/01/2019 17:17, Wayne Thayer wrote: > > The options to consider are: > > 1. Continue with current policy of treating non-disclosure of > unconstrained > > intermediates as an

Re: Yet more undisclosed intermediates

2019-01-02 Thread Ryan Sleevi via dev-security-policy
On Wed, Jan 2, 2019 at 1:32 PM Jakob Bohm via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > > 2. Change our policy to state that any undisclosed intermediate we > discover > > will be immediately and permanently added to OneCRL. > > This needs adding some logical criteria,

Re: Yet more undisclosed intermediates

2019-01-02 Thread Ryan Sleevi via dev-security-policy
On Wed, Jan 2, 2019 at 11:18 AM Wayne Thayer via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > The options to consider are: > 1. Continue with current policy of treating non-disclosure of unconstrained > intermediates as an incident. This could eventually lead to having

Re: Yet more undisclosed intermediates

2019-01-02 Thread Wayne Thayer via dev-security-policy
On Wed, Jan 2, 2019 at 7:10 AM Rob Stradling via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > On 02/01/2019 13:44, info--- via dev-security-policy wrote: > > On Wednesday, 2 January 2019, 12:49:52 (UTC+1), Rob Stradling > wrote: > >> On 09/10/2018 23:53, Wayne

Re: Yet more undisclosed intermediates

2019-01-02 Thread Rob Stradling via dev-security-policy
On 02/01/2019 13:44, info--- via dev-security-policy wrote: > On Wednesday, 2 January 2019, 12:49:52 (UTC+1), Rob Stradling wrote: >> On 09/10/2018 23:53, Wayne Thayer wrote: >>> On Tue, Oct 9, 2018 at 3:43 AM Rob Stradling wrote: >>> Wayne, Kathleen: >>> Given the number of

Re: Yet more undisclosed intermediates

2019-01-02 Thread info--- via dev-security-policy
On Wednesday, 2 January 2019, 12:49:52 (UTC+1), Rob Stradling wrote: > On 09/10/2018 23:53, Wayne Thayer wrote: > > On Tue, Oct 9, 2018 at 3:43 AM Rob Stradling wrote: > > Wayne, Kathleen: > > Given the number of times that all the CAs in Mozilla's Root Program > > have been

Re: Yet more undisclosed intermediates

2019-01-02 Thread Rob Stradling via dev-security-policy
On 09/10/2018 23:53, Wayne Thayer wrote: > On Tue, Oct 9, 2018 at 3:43 AM Rob Stradling wrote: > Wayne, Kathleen: > Given the number of times that all the CAs in Mozilla's Root Program > have been reminded about Mozilla's requirements for disclosing > intermediate certs, I wouldn't

Re: Use cases of publicly-trusted certificates

2019-01-02 Thread Jakob Bohm via dev-security-policy
On 30/12/2018 14:18, Nick Lamb wrote: On Thu, 27 Dec 2018 22:43:19 +0100 Jakob Bohm via dev-security-policy wrote: You must be traveling in a rather limited bubble of PKIX experts, all of whom live and breathe the reading of RFC5280. Technical people outside that bubble may have easily

Re: When should honest subscribers expect sudden (24 hours / 120 hours) revocations?

2019-01-02 Thread Jakob Bohm via dev-security-policy
Happy new year, On 30/12/2018 01:32, Peter Bowen wrote: > > > On Thu, Dec 27, 2018 at 8:43 PM Jakob Bohm via dev-security-policy > > wrote: > > So absent a bad CA, I wonder where there is a rule that subscribers > should be ready to