Longer term, everything is being merged into the DigiCert CPS. For Symantec,
this will happen during 2019. For Quovadis, I anticipate it’ll happen in either
2019 or 2020. When we merge the CPS docs depends on when we change the data
center to be compliant with the DigiCert CPS. For the short
On Mon, Jan 14, 2019 at 5:45 PM Wayne Thayer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> > Am I wrong to expect US CAs to be monitoring OFAC sanctions lists?
> Otherwise they would risk violating the typical "comply with applicable
> law" stipulation in section 9 of
On Mon, Jan 14, 2019 at 11:43 PM Matt Palmer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Mon, Jan 14, 2019 at 05:18:18PM -0700, Wayne Thayer via
> dev-security-policy wrote:
> > * Fairly recent misissuance under the currently included Hong Kong Post
> > Root CA 1:
Thanks Jeremy.
To be clear, in this case Mozilla policy requires disclosure, but a public
discussion 'resolved with a positive conclusion' is not required because
DigiCert is already a member of our program.
The policy also requires notification of any resulting changes in the
QuoVadis CP or
4 matches
Mail list logo
