On Tue, Oct 8, 2019 at 10:04 AM Corey Bonnell via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Unless I found a root that Ryan isn’t referring to, Mozilla Policy 2.1 (
> https://wiki.mozilla.org/CA:CertificatePolicyV2.1) would have been in
> force when the root was first
On 08/10/2019 13:41, Corey Bonnell wrote:
On Monday, October 7, 2019 at 10:52:36 AM UTC-4, Ryan Sleevi wrote:
I'm curious how folks feel about the following practice:
Imagine a CA, "Foo", that creates a new Root Certificate ("Root 1"). They
create this Root Certificate after the effective date
On Monday, October 7, 2019 at 10:52:36 AM UTC-4, Ryan Sleevi wrote:
> I'm curious how folks feel about the following practice:
>
> Imagine a CA, "Foo", that creates a new Root Certificate ("Root 1"). They
> create this Root Certificate after the effective date of the Baseline
> Requirements, but
On Mon, Oct 7, 2019 at 12:20 PM Jeremy Rowley
wrote:
> For example, suppose a root was created before a rule went into place and
> the root needs to be renewed for some reason. If the root was compliant
> before creation and modifying the profile would break something with the
> root, then
-policy On
Behalf Of Jeremy Rowley via dev-security-policy
Sent: Monday, October 7, 2019 10:21 AM
To: r...@sleevi.com
Cc: mozilla-dev-security-policy
Subject: RE: CAs cross-signing roots whose subjects don't comply with the BRs
Yeah - I like the visibility here since I know I often forget to post
don't scan, it's like a terrible version of Christmas.)
-Original Message-
From: dev-security-policy On
Behalf Of Ryan Sleevi via dev-security-policy
Sent: Monday, October 7, 2019 10:07 AM
To: Jeremy Rowley
Cc: mozilla-dev-security-policy
Subject: Re: CAs cross-signing roots whose
On 07/10/2019 17:35, Ryan Sleevi wrote:
> On Mon, Oct 7, 2019 at 11:26 AM Jakob Bohm via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> On 07/10/2019 16:52, Ryan Sleevi wrote:
>>> I'm curious how folks feel about the following practice:
>>>
>>> Imagine a CA, "Foo",
On Mon, Oct 7, 2019 at 11:54 AM Jeremy Rowley
wrote:
> Are both roots trusted in the Mozilla root store? If so, could you say
> that Mozilla has approved of the root not-withstanding the non-compliance?
> If root 2 did go through the public review process and had the public look
> at the
: Monday, October 7, 2019 9:35 AM
To: Jakob Bohm
Cc: mozilla-dev-security-policy
Subject: Re: CAs cross-signing roots whose subjects don't comply with the BRs
On Mon, Oct 7, 2019 at 11:26 AM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 07/10/2
On Mon, Oct 7, 2019 at 11:26 AM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 07/10/2019 16:52, Ryan Sleevi wrote:
> > I'm curious how folks feel about the following practice:
> >
> > Imagine a CA, "Foo", that creates a new Root Certificate ("Root 1").
On 07/10/2019 16:52, Ryan Sleevi wrote:
I'm curious how folks feel about the following practice:
Imagine a CA, "Foo", that creates a new Root Certificate ("Root 1"). They
create this Root Certificate after the effective date of the Baseline
Requirements, but prior to Root Programs consistently
I'm curious how folks feel about the following practice:
Imagine a CA, "Foo", that creates a new Root Certificate ("Root 1"). They
create this Root Certificate after the effective date of the Baseline
Requirements, but prior to Root Programs consistently requiring compliance
with the Baseline
12 matches
Mail list logo