Re: Japan GPKI Root Renewal Request

On Wed, Feb 28, 2018 at 9:13 AM, Eric Mill via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Wed, Feb 28, 2018 at 12:58 AM, apca2.2013--- via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > "I would like to again point out that simply waiting

Re: Japan GPKI Root Renewal Request

On Wed, Feb 28, 2018 at 12:58 AM, apca2.2013--- via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > "I would like to again point out that simply waiting for misissued > certificates to expire is not an acceptable response." > > This is a misunderstanding. > We are preparing

Re: Japan GPKI Root Renewal Request

"I would like to again point out that simply waiting for misissued certificates to expire is not an acceptable response." This is a misunderstanding. We are preparing to revoke certificates immediately, rather than waiting for certificates issued prior to 2017 to expire. However, even if we

Re: Japan GPKI Root Renewal Request

To conclude this discussion, Mozilla is denying the Japanese Government ApplicationCA2 Root inclusion request. I'd like to thank everyone for your constructive input into the discussion, and I'd like to thank the Japanese Government representatives for their patience and work to address issues as

Re: Japan GPKI Root Renewal Request

We are a certificate authority controlled by the Government of Japan and issued only for servers operated by the government. For certificates that you point out concerning, they will expire and will be reissued, so we think that the problem will be solved. We will continue to take BR audits in

Re: Japan GPKI Root Renewal Request

On Mon, Feb 12, 2018 at 6:31 PM Wayne Thayer via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > All of my questions regarding the CP/CPS and audits have been answered to > my satisfaction. I am left with two concerns: > > 1. This root was signed on 12-March 2013. The first

Re: Japan GPKI Root Renewal Request

All of my questions regarding the CP/CPS and audits have been answered to my satisfaction. I am left with two concerns: 1. This root was signed on 12-March 2013. The first end-entity certificate that I'm aware of was signed later in 2013. Mozilla began requiring BR audits in 2014, but the first

Re: Japan GPKI Root Renewal Request

Below is the answer to the pointed out earlier. == Bad == * CPS docs are not assigned a version number (Mozilla policy 3.3) We had set up CP / CPS version number assignment rules. Based on this, at present CP / CPS Root version is Ver. 1.05 and CP / CPS Sub version is 1.07. We attached CP /

Re: Japan GPKI Root Renewal Request

On Thursday, August 25, 2016 at 8:07:05 PM UTC, Kathleen Wilson wrote: > > This request by the Government of Japan, Ministry of Internal > > Affairs and Communications, is to include the GPKI 'ApplicationCA2 Root' > > certificate and enable the Websites trust bit. This new root certificate > >

Re: Japan GPKI Root Renewal Request

On Fri, Aug 5, 2016 at 5:39 AM, Peter Kurrasch wrote: > Kathleen-- > > As I understand it, the request is for only CA2(Root) to be included in > the trust store. Is that correct? > > The CP/CPS document submitted for the CA2(Root) hardly seems sufficient to > satisfy anyone for

Re: Japan GPKI Root Renewal Request

On Friday, May 20, 2016 at 3:33:56 PM UTC-7, Kathleen Wilson wrote: > Does anyone have questions, concerns, or feedback on this request from the > Government of Japan, Ministry of Internal Affairs and Communications, to > include the GPKI 'ApplicationCA2 Root' certificate and enable the Websites

Re: Japan GPKI Root Renewal Request

Does anyone have questions, concerns, or feedback on this request from the Government of Japan, Ministry of Internal Affairs and Communications, to include the GPKI 'ApplicationCA2 Root' certificate and enable the Websites trust bit? Kathleen ___

Japan GPKI Root Renewal Request

This request by the Government of Japan, Ministry of Internal Affairs and Communications, is to include the GPKI 'ApplicationCA2 Root' certificate and enable the Websites trust bit. This new root certificate has been created in order to comply with the Baseline Requirements, and will eventually