Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

2020-10-16 Thread Ryan Sleevi via dev-security-policy
On Fri, Oct 16, 2020 at 9:20 AM Dimitris Zacharopoulos wrote: > > > On 2020-10-16 3:21 μ.μ., Ryan Sleevi wrote: > > > > On Fri, Oct 16, 2020 at 7:31 AM Dimitris Zacharopoulos via > dev-security-policy wrote: > >> >> >> On 2020-10-15 11:36 μ.μ., Ben Wilson via dev-security-policy wrote: >> >

Re: PEM of root certs in Mozilla's root store

2020-10-16 Thread Ryan Sleevi via dev-security-policy
On Fri, Oct 16, 2020 at 5:27 PM Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > RFC4180 section 3 explicitly warns that there are other variants and > specifications of the CSV format, and thus the full generalizations in > RFC4180 should not be exploited to

Re: PEM of root certs in Mozilla's root store

2020-10-16 Thread Jakob Bohm via dev-security-policy
On 2020-10-16 14:11, Ryan Sleevi wrote: On Thu, Oct 15, 2020 at 7:44 PM Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: On 2020-10-15 11:57, Ryan Sleevi wrote: On Thu, Oct 15, 2020 at 1:14 AM Jakob Bohm via dev-security-policy <

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

2020-10-16 Thread Dimitris Zacharopoulos via dev-security-policy
On 2020-10-16 3:21 μ.μ., Ryan Sleevi wrote: On Fri, Oct 16, 2020 at 7:31 AM Dimitris Zacharopoulos via dev-security-policy > wrote: On 2020-10-15 11:36 μ.μ., Ben Wilson via dev-security-policy wrote: >   This issue is presented for

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

2020-10-16 Thread Rob Stradling via dev-security-policy
Hi Dimitris. I don't see where you're getting "in order to get an EV audit" from. The proposed language deals with whether or not a CA has got all of the audits that Mozilla deems necessary, not with whether or not a CA may obtain new audits. From: Dimitris

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

2020-10-16 Thread Ryan Sleevi via dev-security-policy
On Fri, Oct 16, 2020 at 7:31 AM Dimitris Zacharopoulos via dev-security-policy wrote: > > > On 2020-10-15 11:36 μ.μ., Ben Wilson via dev-security-policy wrote: > > This issue is presented for resolution in the next version of the > Mozilla > > Root Store Policy. It is related to Issue #147 > >

Re: PEM of root certs in Mozilla's root store

2020-10-16 Thread Ryan Sleevi via dev-security-policy
On Thu, Oct 15, 2020 at 7:44 PM Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On 2020-10-15 11:57, Ryan Sleevi wrote: > > On Thu, Oct 15, 2020 at 1:14 AM Jakob Bohm via dev-security-policy < > > dev-security-policy@lists.mozilla.org> wrote: > > > >>> For

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

2020-10-16 Thread Dimitris Zacharopoulos via dev-security-policy
Rob, This looks like a chicken-egg problem. A RootCA that wants to enable EV needs to get an EV audit. The proposed language, if I am not misunderstanding something, says that in order to get an EV audit, it must be... "EV-enabled"? Dimitris. On 2020-10-16 2:33 μ.μ., Rob Stradling wrote:

Re: Sectigo to Be Acquired by GI Partners

2020-10-16 Thread Rob Stradling via dev-security-policy
Jakob wrote: > The part needing clarification started with: > > > In addition to the questions posted by Wayne, I think it'd be useful > > to confirm: > > ... I did not address that part of Ryan's post, but Tim's delayed message did address it. See

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

2020-10-16 Thread Rob Stradling via dev-security-policy
Hi Ben. I agree with Dimitris that the proposed language is a bit confusing. > "(i.e. a subordinate CA under an EV-enabled root that contains no EKU or the > id-kp-serverAuth EKU or anyExtendedKeyUsage EKU, and a certificatePolicies > extension that asserts the CABF EV OID of 2.23.140.1.1, the

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

2020-10-16 Thread Dimitris Zacharopoulos via dev-security-policy
On 2020-10-15 11:36 μ.μ., Ben Wilson via dev-security-policy wrote: This issue is presented for resolution in the next version of the Mozilla Root Store Policy. It is related to Issue #147 (previously posted for discussion on this list on

Re: Sectigo to Be Acquired by GI Partners

2020-10-16 Thread Jakob Bohm via dev-security-policy
On 2020-10-16 12:33, Rob Stradling wrote: ...clarification of what meaning was intended. Merely this... "Hi Ryan. Tim Callan posted a reply to your questions last week, but his message has not yet appeared on the list. Is it stuck in a moderation queue?" The part needing clarification

Re: Sectigo to Be Acquired by GI Partners

2020-10-16 Thread Rob Stradling via dev-security-policy
> ...clarification of what meaning was intended. Merely this... "Hi Ryan. Tim Callan posted a reply to your questions last week, but his message has not yet appeared on the list. Is it stuck in a moderation queue?"