Thanks everyone for your input. This discussion has reached the conclusion
that Mozilla should deny the inclusion request for the AC Camerfirma
CHAMBERS OF COMMERCE ROOT - 2016 (CCR2016) and GLOBAL CHAMBERSIGN ROOT -
2016
As suggested, AC Camerfirma is welcome to submit a new inclusion request
El miércoles, 4 de abril de 2018, 4:10:16 (UTC+2), Matt Palmer escribió:
> On Tue, Apr 03, 2018 at 05:19:32AM -0700, ramirommunoz--- via
> dev-security-policy wrote:
> > Completely agree with you about that a new root by itself do not solve the
> > problem.
>
> The phrase you're looking for is
El martes, 3 de abril de 2018, 23:48:32 (UTC+2), okaphone.e...@gmail.com
escribió:
> On Tuesday, 3 April 2018 14:19:43 UTC+2, ramiro...@gmail.com wrote:
> > El martes, 3 de abril de 2018, 11:58:49 (UTC+2), okaphone.e...@gmail.com
> > escribió:
> > > On Monday, 2 April 2018 19:22:02 UTC+2,
On Tue, Apr 03, 2018 at 05:19:32AM -0700, ramirommunoz--- via
dev-security-policy wrote:
> Completely agree with you about that a new root by itself do not solve the
> problem.
The phrase you're looking for is "necessary but not sufficient". That is,
it is necessary to create new roots to
On Tuesday, 3 April 2018 14:19:43 UTC+2, ramiro...@gmail.com wrote:
> El martes, 3 de abril de 2018, 11:58:49 (UTC+2), okaphone.e...@gmail.com
> escribió:
> > On Monday, 2 April 2018 19:22:02 UTC+2, ramiro...@gmail.com wrote:
> > > El lunes, 2 de abril de 2018, 3:53:08 (UTC+2), Tom Prince
On Tue, Apr 3, 2018 at 8:19 AM, ramirommunoz--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> El martes, 3 de abril de 2018, 11:58:49 (UTC+2), okaphone.e...@gmail.com
> escribió:
> > On Monday, 2 April 2018 19:22:02 UTC+2, ramiro...@gmail.com wrote:
> > > El lunes, 2
El martes, 3 de abril de 2018, 11:58:49 (UTC+2), okaphone.e...@gmail.com
escribió:
> On Monday, 2 April 2018 19:22:02 UTC+2, ramiro...@gmail.com wrote:
> > El lunes, 2 de abril de 2018, 3:53:08 (UTC+2), Tom Prince escribió:
> > > On Sunday, April 1, 2018 at 4:16:47 AM UTC-6,
On Monday, 2 April 2018 19:22:02 UTC+2, ramiro...@gmail.com wrote:
> El lunes, 2 de abril de 2018, 3:53:08 (UTC+2), Tom Prince escribió:
> > On Sunday, April 1, 2018 at 4:16:47 AM UTC-6, ramiro...@gmail.com wrote:
> > > I fully understand the proposed solution about 2018 roots but as I
> > >
El lunes, 2 de abril de 2018, 3:53:08 (UTC+2), Tom Prince escribió:
> On Sunday, April 1, 2018 at 4:16:47 AM UTC-6, ramiro...@gmail.com wrote:
> > I fully understand the proposed solution about 2018 roots but as I
> > previously said some concerns arise, [...]
>
>
> That is unfortunate for
On Mon, Apr 2, 2018 at 11:02 AM, Julian Inza via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> El lunes, 2 de abril de 2018, 3:53:08 (UTC+2), Tom Prince escribió:
> > On Sunday, April 1, 2018 at 4:16:47 AM UTC-6, ramiro...@gmail.com wrote:
> > > I fully understand the
El lunes, 2 de abril de 2018, 3:53:08 (UTC+2), Tom Prince escribió:
> On Sunday, April 1, 2018 at 4:16:47 AM UTC-6, ramiro...@gmail.com wrote:
> > I fully understand the proposed solution about 2018 roots but as I
> > previously said some concerns arise, [...]
>
>
> That is unfortunate for
On Sunday, April 1, 2018 at 4:16:47 AM UTC-6, ramiro...@gmail.com wrote:
> I fully understand the proposed solution about 2018 roots but as I previously
> said some concerns arise, [...]
That is unfortunate for Camerfirma, but it is not Mozilla or this lists issue.
While people have provided
El domingo, 1 de abril de 2018, 16:29:08 (UTC+2), westm...@gmail.com escribió:
> Hi, Ramiro.
> But how will the problems persecuting your CA disappear, even if the root is
> sterile.
>
> Andrew
Thank you Andrew for your comment.
We have already solve the problems located in this bug, and
Hi, Ramiro.
But how will the problems persecuting your CA disappear, even if the root is
sterile.
Andrew
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
El viernes, 30 de marzo de 2018, 17:06:35 (UTC+2), Wayne Thayer escribió:
> On Wed, Mar 28, 2018 at 3:45 AM, ramirommunoz--- via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> >
> > On Tuesday, March 27, 2018 at 10:37:07 PM UTC+2, Wayne Thayer wrote:
> > > Hi Ramiro,
>
On Wed, Mar 28, 2018 at 3:45 AM, ramirommunoz--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> On Tuesday, March 27, 2018 at 10:37:07 PM UTC+2, Wayne Thayer wrote:
> > Hi Ramiro,
> >
> > On Fri, Mar 23, 2018 at 11:52 AM, ramirommunoz--- via
> dev-security-policy <
>
On Wednesday, March 28, 2018 at 7:34:25 AM UTC+2, Adrian R. wrote:
> Hello
> can you please sign the PDF files on that site?
>
> the very first page of CPS_eidas_EN_v_1_2_3.pdf says
> "Document valid only in digital format digitally signed by the Policy
> Authority"
>
> but the PDF that i was
On Tuesday, March 27, 2018 at 10:37:07 PM UTC+2, Wayne Thayer wrote:
> Hi Ramiro,
>
> On Fri, Mar 23, 2018 at 11:52 AM, ramirommunoz--- via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> > Hi Ryan
> >
> > Thanks again for your remarks.
> > In the end I am going to
Hello
can you please sign the PDF files on that site?
the very first page of CPS_eidas_EN_v_1_2_3.pdf says
"Document valid only in digital format digitally signed by the Policy Authority"
but the PDF that i was offered to download is not signed and was delivered via
a plain http link, are those
Hi Ramiro,
On Fri, Mar 23, 2018 at 11:52 AM, ramirommunoz--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Hi Ryan
>
> Thanks again for your remarks.
> In the end I am going to learn something of PKI :-).
> Surely I do not get a full understanding of you solution, but
On Friday, March 23, 2018 at 4:20:51 PM UTC+1, Ryan Sleevi wrote:
> On Fri, Mar 23, 2018 at 1:12 PM ramirommunoz--- via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> > On Thursday, March 22, 2018 at 10:43:49 PM UTC+1, Ryan Sleevi wrote:
> > > On Thu, Mar 22, 2018 at
On Fri, Mar 23, 2018 at 1:12 PM ramirommunoz--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Thursday, March 22, 2018 at 10:43:49 PM UTC+1, Ryan Sleevi wrote:
> > On Thu, Mar 22, 2018 at 6:26 PM ramirommunoz--- via dev-security-policy <
> >
On Thursday, March 22, 2018 at 10:43:49 PM UTC+1, Ryan Sleevi wrote:
> On Thu, Mar 22, 2018 at 6:26 PM ramirommunoz--- via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> > Hi Ryan
> > Many thanks for your report. I will try to answer to your concerns about
> > our root
On Thu, Mar 22, 2018 at 6:26 PM ramirommunoz--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Hi Ryan
> Many thanks for your report. I will try to answer to your concerns about
> our root inclusión.
>
> > In attempt to discuss continued trust, I have attempted to
Hi Ryan
Many thanks for your report. I will try to answer to your concerns about our
root inclusión.
> In attempt to discuss continued trust, I have attempted to summarize the
> patterns and issues of note, along with the timeline from reporting to
> remediation. It is my goal that this will
Wayne,
Thank you for your detailed review of the CP/CPS.
In attempt to discuss continued trust, I have attempted to summarize the
patterns and issues of note, along with the timeline from reporting to
remediation. It is my goal that this will allow the public to make an
objective assessment of
Hi Wayne
Here my answers to the ==Meh== questions.
1 * Camerfirma has had a number of recent compliance issues as listed below:
Resolved:
* Non-BR-compliant OCSP responders:
> 1 * The inclusion request references a much older CPS [3] that doesn't
> list the 2016 versions of these roots or comply with current policies.
> I only reviewed the newer CPS [5], but this CPS (section 1.2.1)
> doesn't cover the older roots that are currently included. I believe
> this is a
On Tue, Mar 6, 2018 at 4:45 AM, ramirommunoz--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> 1 * The inclusion request references a much older CPS [3] that doesn't
> list the 2016 versions of these roots or comply with current policies. I
> only reviewed the newer
On Tuesday, March 6, 2018 at 3:45:47 AM UTC-8, ramiro...@gmail.com wrote:
> Hi Wyne
> here our answers to the ==Bad== issues we are working on the ==Meh== ones.
>
> 1 * The inclusion request references a much older CPS [3] that doesn't list
> the 2016 versions of these roots or comply with
> * There are a few published, misissued, and currently unrevoked
> certificates in the CCR2016 hierarchy:
> https://crt.sh/?caid=50473=cablint,zlint,x509lint=2011-01-01
We've opened a bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1443857
___
> * I am unable to locate a BR audit for the GCSR2016, but the websites trust
> bit has been requested. I first thought that this root was not intended for
> serverAuth, but section 1.2.1.4 of the CPS indicates that there is an “AC
> CAMERFIRMA GLOBAL FOR WEBSITES” subordinate CA that chains to
Hi Wyne
here our answers to the ==Bad== issues we are working on the ==Meh== ones.
1 * The inclusion request references a much older CPS [3] that doesn't list the
2016 versions of these roots or comply with current policies. I only reviewed
the newer CPS [5], but this CPS (section 1.2.1)
On Fri, Mar 2, 2018 at 3:47 PM, David E. Ross via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 3/2/2018 2:05 PM, Wayne Thayer wrote [in part]:
>
> [snipped]
>
> NOTE: The fact that I have snipped some of the items under "==Bad=="
> does not mean I consider them
On 3/2/2018 2:05 PM, Wayne Thayer wrote [in part]:
[snipped]
NOTE: The fact that I have snipped some of the items under "==Bad=="
does not mean I consider them unimportant. However, the items on
which I comment I consider to be most important.
> ==Bad==
> * The inclusion request
This request is for inclusion of the Camerfirma CHAMBERS OF COMMERCE ROOT -
2016 (CCR2016) and GLOBAL CHAMBERSIGN ROOT - 2016 (GCSR2016) as documented
in the following bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=986854
* BR Self Assessment is here:
36 matches
Mail list logo
