Re: [FORGED] Fwd: Intent to Ship: Move Extended Validation Information out of the URL bar

For EV certificate being useful in email, email client software should give a special EV treatment to such certificate.  I am not aware of any email client software that support any special EV treatment at all.  Do you have more information to share with us? -- Man Ho On 13-Aug-19 5:12 PM,

Re: Unretrievable CPS documents listed in CCADB

I could be wrong, but some browsers (IE/Chrome) seems to cache downloaded PDF file and display the cache file if the filename is the same. If it's true, end user may be actually reading an outdated PDF file. - Man Ho On 04-May-19 3:18 AM, Wayne Thayer via dev-security-policy wrote: > A

Re: Arabtec Holding public key? [Weird Digicert issued cert]

I don't think that it's trivial for less-skilled user to obtain the CSR of "DigiCert Global Root G2" certificate and posting it in the request of another certificate, right? On 15-Apr-19 6:57 PM, Jakob Bohm via dev-security-policy wrote: > Thanks for the explanation. > > Is it possible that a

Re: Request to Include Hongkong Post Root CA 3

r comments, you're welcome to bring it out. :) On 17-Jan-19 10:25 AM, Man Ho via dev-security-policy wrote: Thanks for all the comments. I'm preparing now to apply the relevant changes from the "Pre-production" CPS in the current CPS to clarify these concerns. Specifically, 1. cor

Re: Request to Include Hongkong Post Root CA 3

I've just fill in the incident report [1], https://bugzilla.mozilla.org/show_bug.cgi?id=1520299 On 16-Jan-19 5:30 AM, Wayne Thayer via dev-security-policy wrote: There were no unresolved incidents, but I just created one to document the misissued certificates that were revoked in August

Re: Request to Include Hongkong Post Root CA 3

Thanks for all the comments. I'm preparing now to apply the relevant changes from the "Pre-production" CPS in the current CPS to clarify these concerns. Specifically, 1. correct the description of revocation process to fix the suspension and revocation issue. 2. make a statement in PREAMBLE

Re: Request to Include Hongkong Post Root CA 3

On 15-Jan-19 12:31 PM, Ian Carroll via dev-security-policy wrote: > from looking at [3] I think it should be a > very negative mark against a CA to have to OneCRL one of their > intermediates. [3] was reported and discussed three years ago. When I look at it positively today, it does remind me

Re: CA Communication: Underscores in dNSNames

When the ballot said "... would result in a valid domain label", does it mean that "... would result in a valid domain name of the applicant, that has passed the same level of domain authorization (DV, OV, EV) check? Secondly, is it necessary for CAs to state their practice of handling