Re: FW: Complying with Mozilla policy on email validation

On 5/4/2018 3:08 πμ, Wayne Thayer via dev-security-policy wrote: I think the existing language in section 2.2(2) also supports the federated authentication system use case you described. It says that the CA "takes reasonable measures to verify that the entity submitting the request controls the

Re: FW: Complying with Mozilla policy on email validation

On Thursday, 5 April 2018 03:08:44 UTC+3, Wayne Thayer wrote: [...] > If a CA first confirms that it is a condition of a > particular federated authentication system that a user must have proven > control over the email account that constitutes their username to activate > their account, then

Re: FW: Complying with Mozilla policy on email validation

On Wed, Apr 4, 2018 at 3:44 PM, Ryan Hurst via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Wednesday, April 4, 2018 at 3:39:46 PM UTC-7, Wayne Thayer wrote: > > On Wed, Apr 4, 2018 at 2:44 PM, Ryan Hurst via dev-security-policy < > > > My opinion on this method and on

Re: FW: Complying with Mozilla policy on email validation

On Wednesday, April 4, 2018 at 3:39:46 PM UTC-7, Wayne Thayer wrote: > On Wed, Apr 4, 2018 at 2:44 PM, Ryan Hurst via dev-security-policy < > > My opinion on this method and on Adrian's comments is that the CA/Browser > Forum, with it's new-found ability to create an S/MIME Working Group, is a >

Re: FW: Complying with Mozilla policy on email validation

On Wed, Apr 4, 2018 at 2:44 PM, Ryan Hurst via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Tuesday, April 3, 2018 at 1:17:50 PM UTC-7, Wayne Thayer wrote: > > > I agree that name constraints would be difficult to implement in this > > scenario, but I'm less convinced

Re: FW: Complying with Mozilla policy on email validation

On Tuesday, April 3, 2018 at 1:17:50 PM UTC-7, Wayne Thayer wrote: > > I agree that name constraints would be difficult to implement in this > scenario, but I'm less convinced that section 2.2(2) doesn't permit this. > It says: > > > *For a certificate capable of being used for digitally signing

Re: FW: Complying with Mozilla policy on email validation

On Tuesday, 3 April 2018 20:19:40 UTC+3, Ryan Hurst wrote: > > Reading this thread and thinking the current text, based on the > interpretation discussed, does not accommodate a few cases that I think are > useful. > > For example, if we consider a CA supporting a large mail provider in >

Re: FW: Complying with Mozilla policy on email validation

On Tue, Apr 3, 2018 at 11:42 AM, Matthew Hardeman via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Tue, Apr 3, 2018 at 12:19 PM, Ryan Hurst via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > > > > > For example, if we consider a CA

Re: FW: Complying with Mozilla policy on email validation

On Tue, Apr 3, 2018 at 10:19 AM, Ryan Hurst via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Reading this thread and thinking the current text, based on the > interpretation discussed, does not accommodate a few cases that I think are > useful. > > For example, if we

Re: FW: Complying with Mozilla policy on email validation

On Tue, Apr 3, 2018 at 12:19 PM, Ryan Hurst via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > > > For example, if we consider a CA supporting a large mail provider in > providing S/MIME certificates to all of its customers. In this model, the > mail provider is the

Re: FW: Complying with Mozilla policy on email validation

On Monday, April 2, 2018 at 1:10:13 PM UTC-7, Wayne Thayer wrote: > I'm forwarding this for Tim because the list rejected it as SPAM. > > > > *From:* Tim Hollebeek > *Sent:* Monday, April 2, 2018 2:22 PM > *To:* 'mozilla-dev-security-policy' lists.mozilla.org> >

Fwd: FW: Complying with Mozilla policy on email validation

I'm forwarding this for Tim because the list rejected it as SPAM. *From:* Tim Hollebeek *Sent:* Monday, April 2, 2018 2:22 PM *To:* 'mozilla-dev-security-policy' *Subject:* Complying with Mozilla policy on email validation Mozilla policy