On Thu, Nov 8, 2018 at 8:51 PM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Over the years, there has been some variation among participants in how
> harshly individual mistakes by CAs should be judged, ranging from "just
> file a satisfactory incident repor
I'm not convinced there is an answer here. It seems that most would agree
with the premise that we should consider the circumstances and context for
an issue and make a balanced assessment. That leaves the matter of what
this means in practice up for debate. Often, it appears to be a debate
between
On 09/11/2018 15:52, Hanno Böck wrote:
On Fri, 9 Nov 2018 14:56:41 +0100
Jakob Bohm via dev-security-policy
wrote:
However there are also some very harsh punishments handed out, such as
distrusting some CAs (most notably happened to Symantec and WoSign,
but others are also teetering), and dist
Jakob Bohm wrote "Each of these arguments for maximum punishment and/or
maximum inconvenience for innocent bystanders is backed by a formal/legal
interpretation of existing rules as making this the only possible outcome."
I'd agree - heavy-handed, strict enforcement of some rules unnecessarily
p
On Fri, 9 Nov 2018 14:56:41 +0100
Jakob Bohm via dev-security-policy
wrote:
> However there are also some very harsh punishments handed out, such as
> distrusting some CAs (most notably happened to Symantec and WoSign,
> but others are also teetering), and distrusting auditors (most notably
> hap
If Google had not started the process of Symantec distrust, Mozilla would never
have come to this step, I think.
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
On 09/11/2018 12:44, westmai...@gmail.com wrote:
I think that punishments of the CAs that already exist in the Mozilla Root Store
are very mild, and some CAs often do not pay any attention to this...
However there are also some very harsh punishments handed out, such as
distrusting some CAs (most
I think that punishments of the CAs that already exist in the Mozilla Root Store
are very mild, and some CAs often do not pay any attention to this...
On 09/11/2018 07:21, Ryan Sleevi wrote:
On Thu, Nov 8, 2018 at 5:51 PM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
This thread is for the general principles, it takes no stance on any
particular cases, as that would quickly derail the discussion.
Over the
On Thu, Nov 8, 2018 at 5:51 PM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> This thread is for the general principles, it takes no stance on any
> particular cases, as that would quickly derail the discussion.
>
> Over the years, there has been some variatio
This thread is for the general principles, it takes no stance on any
particular cases, as that would quickly derail the discussion.
Over the years, there has been some variation among participants in how
harshly individual mistakes by CAs should be judged, ranging from "just
file a satisfactory