Re: ComSign Root Renewal Request

2016-04-27 Thread Eli Spitzer
On Friday, April 8, 2016 at 12:58:41 AM UTC+3, Kathleen Wilson wrote: > The status of this discussion is that we are waiting for the CA to provide > the following: > > 1) Updated/restructured CPS (both in Hebrew and translated into English). > > 2) Full BR Audit statement. > > 3) An

Re: ComSign Root Renewal Request

2016-04-05 Thread Eli Spitzer
ign Global Root CA’ inclusion process – the initial inclusion request was submitted on July 2011, and since then there have been many delays. Some of these delays were entirely out of Comsign’s control, such as a waiting queue for the public discussion which took about four months. Th

Re: ComSign Root Renewal Request

2016-03-30 Thread Eli Spitzer
On Wednesday, March 30, 2016 at 4:36:44 AM UTC+3, Andrew Whalley wrote: > Hello Jesus, > > Great points! > > > Reviewing the BR audit report of Comsign Ltd I have a few doubts regarding > > the audits accepted by Mozilla and may someone can help me. > > > > The BR audit was conducted according

Re: ComSign Root Renewal Request

2016-03-22 Thread Eli Spitzer
of certificates, which is > contrary to Section 4.9.3 of v1.3.1 of the Baseline Requirements. Certificate suspension is a practice used by ComSign only in relation to personal certificates and not SSL certificates. In the upcoming CPS revision we will specify a clarification for the issue. It can be reviewd in the linked draft. Eli Spitzer, Information security & System Management, Comsign ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy

Re: ComSign Root Renewal Request

2016-03-22 Thread Eli Spitzer
s > contrary to Section 4.9.3 of v1.3.1 of the Baseline Requirements. Certificate suspension is a practice used by ComSign only in relation to personal certificates and not SSL certificates. In the upcoming CPS revision we will specify a clarification for the issue. It can be reviewd in the linked draft. Eli Spitzer, Information security & System Management, Comsign ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy

Re: ComSign Root Renewal Request

2016-02-08 Thread Eli Spitzer
mmendations, based on the failure of ComSign to routinely update > their practices and documentation to adhere to the developments within the > CA/Browser Forum, despite their CPS stating they do, would be to refuse > this renewal request and, given how long such requirements

Re: ComSign Root Renewal Request

2015-12-14 Thread Eli Spitzer
On Monday, December 14, 2015 at 8:59:03 PM UTC+2, Charles Reiss wrote: > On 12/14/15 17:56, Eli Spitzer wrote: > > The SubCA "Comsign Ev SSL CA" is at its initial development stages. It was > > indeed created under "Comsign Global Root CA", but so far w

Re: ComSign Root Renewal Request

2015-12-14 Thread Eli Spitzer
nce the EV trust bit will not be active any time soon. censys.io probably picked up the certificate from a test website that is used only for development purposes. Comsign is not requesting the EV trust bit at the moment, but we are planning to so sometime in the near future. Probably not before the end o