Re: CA Problem Reporting Mechanisms

2017-08-15 Thread Gervase Markham via dev-security-policy
On 08/08/17 20:02, Jeremy Rowley wrote: > +1. CAs should be required to support certificate problem reports > sent through a specified email address. It simplifies the process a > lot if CAs use at least one common mechanism. https://github.com/mozilla/pkipolicy/issues/98 Gerv

Re: CA Problem Reporting Mechanisms

2017-08-08 Thread Jeremy Rowley via dev-security-policy
+1. CAs should be required to support certificate problem reports sent through a specified email address. It simplifies the process a lot if CAs use at least one common mechanism. > On Aug 8, 2017, at 12:22 PM, Jonathan Rudenberg via dev-security-policy >

RE: CA Problem Reporting Mechanisms

2017-08-08 Thread Tim Hollebeek via dev-security-policy
, 2017 10:37 AM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: CA Problem Reporting Mechanisms On 8/7/2017 8:09 PM, Jonathan Rudenberg wrote: > >> On May 17, 2017, at 07:24, Gervase Markham via dev-security-policy >> <dev-security-policy@lists.mozilla.org> wrote:

Re: CA Problem Reporting Mechanisms

2017-08-08 Thread Jonathan Rudenberg via dev-security-policy
> On Aug 8, 2017, at 10:36, David E. Ross via dev-security-policy > wrote: > > On 8/7/2017 8:09 PM, Jonathan Rudenberg wrote: >> >>> On May 17, 2017, at 07:24, Gervase Markham via dev-security-policy >>> wrote:

Re: CA Problem Reporting Mechanisms

2017-08-08 Thread David E. Ross via dev-security-policy
On 8/7/2017 8:09 PM, Jonathan Rudenberg wrote: > >> On May 17, 2017, at 07:24, Gervase Markham via dev-security-policy >> wrote: >> >> On 16/05/17 02:26, userwithuid wrote: >>> After skimming the responses and checking a few CAs, I'm starting to >>>

Re: CA Problem Reporting Mechanisms

2017-08-07 Thread Jonathan Rudenberg via dev-security-policy
> On May 17, 2017, at 07:24, Gervase Markham via dev-security-policy > wrote: > > On 16/05/17 02:26, userwithuid wrote: >> After skimming the responses and checking a few CAs, I'm starting to >> wonder: Wouldn't it be easier to just add another mandatory

Re: CA Problem Reporting Mechanisms

2017-05-17 Thread userwithuid via dev-security-policy
On Wednesday, May 17, 2017 at 11:24:54 AM UTC, Gervase Markham wrote: > Well, such contacts are normally per CA rather than per root. I guess we > could add it on the CA's entry. Tbh, I'm not really familiar with your salesforce setup, I was just using this as a stand-in for "place where CA can

Re: CA Problem Reporting Mechanisms

2017-05-17 Thread Gervase Markham via dev-security-policy
On 16/05/17 02:26, userwithuid wrote: > After skimming the responses and checking a few CAs, I'm starting to > wonder: Wouldn't it be easier to just add another mandatory field to > the CCADB (e..g. "revocation contact"), requiring $URL or $EMAIL via > policy and just use that to provide a public

Re: CA Problem Reporting Mechanisms

2017-05-15 Thread userwithuid via dev-security-policy
After skimming the responses and checking a few CAs, I'm starting to wonder: Wouldn't it be easier to just add another mandatory field to the CCADB (e.g. "revocation contact"), requiring $URL or $EMAIL via policy and just use that to provide a public list? It seems to me that most revocation

CA Problem Reporting Mechanisms

2017-05-15 Thread Gervase Markham via dev-security-policy
Hi all, One of the CA Communication questions was about the Problem Reporting Mechanisms that CAs are supposed to have. The answers are here: https://mozillacaprogram.secure.force.com/Communications/CACommResponsesOnlyReport?CommunicationId=a05o03WrzBC=Q00028 I would love it if someone would