olicy-
> bounces+inigo=startcomca@lists.mozilla.org] On Behalf Of Gervase
> Markham via dev-security-policy
> Sent: jueves, 5 de octubre de 2017 11:48
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Re: PROCERT issues
>
> On 05/10/17 15:32, Inigo Barreira wrote:
Bug Filed regarding PROCERT Action Items:
https://bugzilla.mozilla.org/show_bug.cgi?id=1405862
Thanks,
Kathleen
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
Hi Kathleen,
With respect to providing a list - is there any requirement to ensure
Mozilla accepts that as a reasonable remediation?
For example, would "We plan to not do the same in the future" be an
acceptable remediation plan? As currently worded, it would seem to meet the
letter of this
On Mon, Oct 2, 2017 at 10:42 AM, Kathleen Wilson via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Friday, September 29, 2017 at 2:52:49 PM UTC-7, Eric Mill wrote:
> > That dynamic is natural, but accepting that this dynamic exists is
> > different than giving into it
On Friday, September 29, 2017 at 2:52:49 PM UTC-7, Eric Mill wrote:
> That dynamic is natural, but accepting that this dynamic exists is
> different than giving into it in some absolute way. When offering second
> chances, requiring that the person/org fulfill certain conditions that
> speak
Dear Mozilla CA Root Team,
After reviewing Mr. Gervase's reply, referring to the exclusion of the PSC
PROCERT from the Mozilla trust repository and having seen the antecedents
existing in multiple previous cases, it is evident that in all cases it was
offered through the bug of a mechanism of
On Thu, Sep 28, 2017 at 12:50 PM, Gervase Markham via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 27/09/17 18:54, Matthew Hardeman wrote:
> > In the case of StartCom, I can not help but feel that they are being
> > held to an especially high standard (higher than
On 27/09/17 18:54, Matthew Hardeman wrote:
> In the case of StartCom, I can not help but feel that they are being
> held to an especially high standard (higher than other prior adds to
> the program) in this new PKI because of who they are -- despite the
> fact that management and day-to-day
On Wednesday, 27 September 2017 18:56:27 UTC+2, Kathleen Wilson wrote:
> In past incidents, we have provided a list of action items that the CA must
> complete before they can be re-included in Mozilla's root store.
>
> What action items do you all think PROCERT should complete before they can
On Wednesday, September 27, 2017 at 11:56:27 AM UTC-5, Kathleen Wilson wrote:
> What action items do you all think PROCERT should complete before they can be
> re-included in Mozilla's root store?
> What do you think should happen if PROCERT completes those action items
> before their
In past incidents, we have provided a list of action items that the CA must
complete before they can be re-included in Mozilla's root store.
What action items do you all think PROCERT should complete before they can be
re-included in Mozilla's root store?
What do you think should happen if
Why does the document say "Date: 11/07/17" on every page, and the signed pdf
metadata say
2017-09-25T17:14:35-04:00
2017-09-25T17:18:07-04:00
2017-09-25T17:18:07-04:00
On Tuesday, September 26, 2017 at 4:56:36 PM UTC-4, alejand...@gmail.com wrote:
> In the following link you can find the CPS in
On 21/09/2017 23:08, alejandrovolcan--- via dev-security-policy wrote:
> Dear Gerv, I have attached a document that gives us a greater
> response to each of the points, as well as Mr. Oscar Lovera sent you
> an email with the same information
>
>
El lunes, 18 de septiembre de 2017, 8:27:18 (UTC-5), Gervase Markham escribió:
> On 11/09/17 12:03, Gervase Markham wrote:
> > Thank you for this initial response. It is, however, far less detailed
> > than we would like to see.
>
> I have not had any further updates from PROCERT. I have tried
On 11/09/17 12:03, Gervase Markham wrote:
> Thank you for this initial response. It is, however, far less detailed
> than we would like to see.
I have not had any further updates from PROCERT. I have tried to reflect
their responses from this email here:
Hi Alejandro,
Thank you for this initial response. It is, however, far less detailed
than we would like to see. In the email I sent to you letting you know
that we were looking at PROCERT, I wrote:
"You may wish to review a similar issue list we created for Symantec:
Good Afertnoon
In order to answer the points of the wiki, we make the following explanations
Issue D: URI in CN and dnsName SAN (December 2016)
Procert:
Based on internals test and validation, we contacting the client, we asking for
a new CSR and proceed to revoke and reissue the
On Fri, Sep 8, 2017 at 2:39 PM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 07/09/2017 17:17, Gervase Markham wrote:
>
>> Mozilla has decided that there is sufficient concern about the
>> activities and operations of the CA "PROCERT" to collect together
On 07/09/2017 17:17, Gervase Markham wrote:
Mozilla has decided that there is sufficient concern about the
activities and operations of the CA "PROCERT" to collect together our
list of current concerns. That list can be found here:
https://wiki.mozilla.org/CA:PROCERT_Issues
Note that this list
On 07/09/17 22:27, Ryan Sleevi wrote:
> Do you have an anticipated time period for discussion? That is, what
> represents a time for which PROCERT may submit feedback to have it
> considered, and at what point you will consider discussion closed?
I don't want to place a hard limit on it because
I believe it's important to consider more than just the issues themselves,
and to look at a CA's response to the issues. In the past weeks, we've done
a lot of really fantastic work to push CAs on publishing more comprehensive
post-mortems, and several CAs have distinguished themselves with timely
On Thu, Sep 7, 2017 at 11:17 AM, Gervase Markham via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Mozilla has decided that there is sufficient concern about the
> activities and operations of the CA "PROCERT" to collect together our
> list of current concerns. That list
Mozilla has decided that there is sufficient concern about the
activities and operations of the CA "PROCERT" to collect together our
list of current concerns. That list can be found here:
https://wiki.mozilla.org/CA:PROCERT_Issues
Note that this list may expand or reduce over time as issues are
23 matches
Mail list logo