Re: P-384 and ecdsa-with-SHA512: is it allowed?

On Tuesday, February 12, 2019 at 3:15:09 PM UTC-5, Wayne Thayer wrote: > Thanks Corey and Jakob, I opened a bug for this: > https://bugzilla.mozilla.org/show_bug.cgi?id=1527423 > > Corey, did you report this via DigiCert's problem reporting mechanism? > > Thanks, > > Wayne > > On Mon, Feb 11, 2

Change in Mozilla's Root Inclusion Request Process

All, As of today, CAs who already have access to the CCADB should create their new root inclusion requests (for Mozilla's program) as follows: 1) Create a Root Inclusion Bugzilla Bug. https://wiki.mozilla.org/CA/Application_Instructions#Create_Root_Inclusion.2FUpdate_Request 2) Provide all of

Updated Revocation Best Practices

Mozilla's guidance for incident response lives at https://wiki.mozilla.org/CA/Responding_To_An_Incident I just made some significant changes to the Revocation section that reflect the approach we took with the recent underscore sunset. Most notably, the following paragraph: However, it is not ou

Re: P-384 and ecdsa-with-SHA512: is it allowed?

Thanks Corey and Jakob, I opened a bug for this: https://bugzilla.mozilla.org/show_bug.cgi?id=1527423 Corey, did you report this via DigiCert's problem reporting mechanism? Thanks, Wayne On Mon, Feb 11, 2019 at 8:01 PM Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org>

Re: Questions regarding the qualifications and competency of TUVIT

Wayne, We have discussed your concerns with EU stakeholders and offer the following responses. These concerns have been discussed with Webtrust and we believe that the proposals below are in line with existing accepted practices. Comment 1) We need standards that require consistent disclosu