Re: Policy 2.7 Proposal: Clarify Revocation Requirements for S/MIME Certificates

2019-10-28 Thread Wayne Thayer via dev-security-policy
On Mon, Oct 21, 2019 at 6:49 PM Wayne Thayer wrote: > Here are the proposed changes: > * Reinstate Mozilla's revocation requirements for S/MIME certificates: > https://github.com/mozilla/pkipolicy/commit/e6337bb76a4522da15aeb7c0862b6cc05d317814 > (replacing the original 2.7 proposal with the

Re: Policy 2.7 Proposal: Incident Reporting Updates

2019-10-28 Thread Wayne Thayer via dev-security-policy
On Tue, Oct 22, 2019 at 7:41 PM Ryan Sleevi wrote: > > On Tue, Oct 22, 2019 at 9:51 PM Wayne Thayer via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > >> I have added this proposal to the 2.7 branch: >> >>

Re: Policy 2.7 Proposal: Forbid Delegation of Email Validation for S/MIME Certificates

2019-10-28 Thread Wayne Thayer via dev-security-policy
On Sun, Oct 27, 2019 at 3:46 PM Buschart, Rufus wrote: > Maybe the following could be a reasonable rewording of the paragraph that > makes the intention of the discussion clear, but isn't to 'clunky': > > For a certificate capable of being used for digitally signing or > encrypting email

Re: [FORGED] Firefox removes UI for site identity

2019-10-28 Thread Paul Walsh via dev-security-policy
> On Oct 28, 2019, at 3:39 PM, Wayne Thayer wrote: > > Hi Paul, > > On Mon, Oct 28, 2019 at 2:41 PM Paul Walsh via dev-security-policy > > wrote: > > [PW] So you dislike Mozilla’s implementation for the tracker icon in the > address bar? When

Re: [FORGED] Firefox removes UI for site identity

2019-10-28 Thread Wayne Thayer via dev-security-policy
Hi Paul, On Mon, Oct 28, 2019 at 2:41 PM Paul Walsh via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > [PW] So you dislike Mozilla’s implementation for the tracker icon in the > address bar? When you update to 70.0 you’re prompted with an > educational-type pop-out to

Re: [FORGED] Firefox removes UI for site identity

2019-10-28 Thread Paul Walsh via dev-security-policy
> On Oct 28, 2019, at 2:12 PM, James Burton wrote: > > [PW] Phil knows more about the intent so I’ll defer to his response at the > end of this thread. I would like to add that computer screens bigger than > mobile devices aren’t going away. So focusing only on mobile isn’t a good > idea. >

Re: [FORGED] Firefox removes UI for site identity

2019-10-28 Thread James Burton via dev-security-policy
> > [PW] Phil knows more about the intent so I’ll defer to his response at the > end of this thread. I would like to add that computer screens bigger than > mobile devices aren’t going away. So focusing only on mobile isn’t a good > idea. > > Thanks for the constructive conversation James, finally

Re: [FORGED] Firefox removes UI for site identity

2019-10-28 Thread Paul Walsh via dev-security-policy
On Oct 25, 2019, at 7:56 AM, Phillip Hallam-Baker wrote: > > > > On Fri, Oct 25, 2019 at 4:21 AM James Burton > wrote: > Extended validation was introduced at a time when mostly everyone browsed the > internet using low/medium resolution large screen devices that