On 5/4/2018 3:08 πμ, Wayne Thayer via dev-security-policy wrote:
I think the existing language in section 2.2(2) also supports the
federated authentication system use case you described. It says that the CA
"takes reasonable measures to verify that the entity submitting the request
controls the
On Thursday, 5 April 2018 03:08:44 UTC+3, Wayne Thayer wrote:
[...]
> If a CA first confirms that it is a condition of a
> particular federated authentication system that a user must have proven
> control over the email account that constitutes their username to activate
> their account, then
On Wed, Apr 4, 2018 at 3:44 PM, Ryan Hurst via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Wednesday, April 4, 2018 at 3:39:46 PM UTC-7, Wayne Thayer wrote:
> > On Wed, Apr 4, 2018 at 2:44 PM, Ryan Hurst via dev-security-policy <
> > > My opinion on this method and on
On Wednesday, April 4, 2018 at 3:39:46 PM UTC-7, Wayne Thayer wrote:
> On Wed, Apr 4, 2018 at 2:44 PM, Ryan Hurst via dev-security-policy <
> > My opinion on this method and on Adrian's comments is that the CA/Browser
> Forum, with it's new-found ability to create an S/MIME Working Group, is a
>
On Wed, Apr 4, 2018 at 2:44 PM, Ryan Hurst via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Tuesday, April 3, 2018 at 1:17:50 PM UTC-7, Wayne Thayer wrote:
> > > I agree that name constraints would be difficult to implement in this
> > scenario, but I'm less convinced
On Tuesday, April 3, 2018 at 1:17:50 PM UTC-7, Wayne Thayer wrote:
> > I agree that name constraints would be difficult to implement in this
> scenario, but I'm less convinced that section 2.2(2) doesn't permit this.
> It says:
>
>
> *For a certificate capable of being used for digitally signing
On Tuesday, 3 April 2018 20:19:40 UTC+3, Ryan Hurst wrote:
>
> Reading this thread and thinking the current text, based on the
> interpretation discussed, does not accommodate a few cases that I think are
> useful.
>
> For example, if we consider a CA supporting a large mail provider in
>
On Tue, Apr 3, 2018 at 11:42 AM, Matthew Hardeman via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Tue, Apr 3, 2018 at 12:19 PM, Ryan Hurst via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> >
> >
> > For example, if we consider a CA
On Tue, Apr 3, 2018 at 10:19 AM, Ryan Hurst via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Reading this thread and thinking the current text, based on the
> interpretation discussed, does not accommodate a few cases that I think are
> useful.
>
> For example, if we
On Tue, Apr 3, 2018 at 12:19 PM, Ryan Hurst via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
>
> For example, if we consider a CA supporting a large mail provider in
> providing S/MIME certificates to all of its customers. In this model, the
> mail provider is the
On Monday, April 2, 2018 at 1:10:13 PM UTC-7, Wayne Thayer wrote:
> I'm forwarding this for Tim because the list rejected it as SPAM.
>
>
>
> *From:* Tim Hollebeek
> *Sent:* Monday, April 2, 2018 2:22 PM
> *To:* 'mozilla-dev-security-policy' lists.mozilla.org>
>
I'm forwarding this for Tim because the list rejected it as SPAM.
*From:* Tim Hollebeek
*Sent:* Monday, April 2, 2018 2:22 PM
*To:* 'mozilla-dev-security-policy'
*Subject:* Complying with Mozilla policy on email validation
Mozilla policy
12 matches
Mail list logo