the entity controlling exampLe.com. And
vice versa.
Note that "High Risk Certificate Requests" can still be fulfilled,
they just require extra checks of their legitimacy, as per BR 4.2.1.
*From: *Gervase Markham
*Sent: *Tuesday, May 2, 2017 5:46 AM
*To: *Peter Kurrasch; mozilla-d
On 03/05/17 16:45, Peter Kurrasch wrote:
> Perhaps a different way to pose the questions here is whether Mozilla
> wants to place any expectations on the CA's regarding fraud and the
> prevention thereof.
You need to be more specific, because there are lots of different ways a
system can have
From: Gervase MarkhamSent: Tuesday, May 2, 2017 5:46 AMTo: Peter Kurrasch; mozilla-dev-security-pol...@lists.mozilla.orgSubject: Re: Policy 2.5 Proposal: Remove the bullet about "fra
thanks
发自网易邮箱大师
在2017年05月03日 10:15,Jakob Bohm via dev-security-policy 写道:
On 02/05/2017 12:46, Gervase Markham wrote:
> On 02/05/17 01:55, Peter Kurrasch wrote:
>> I was thinking that fraud takes many forms generally speaking and that
>> the PKI space is no different. Given that Mozilla (and
On 02/05/17 01:55, Peter Kurrasch wrote:
> I was thinking that fraud takes many forms generally speaking and that
> the PKI space is no different. Given that Mozilla (and everyone else)
> work very hard to preserve the integrity of the global PKI and that the
> PKI itself is an important tool to
:49 AMTo: Peter Kurrasch; mozilla-dev-security-pol...@lists.mozilla.orgSubject: Re: Policy 2.5 Proposal: Remove the bullet about "fraudulent use"On 01/05/17 16:28, Peter Kurrasch wrote:> Gerv, does this leave the Mozilla policy with no position statement regarding fraud in the global PK
: Policy 2.5 Proposal: Remove the bullet about "fraudulent use"
On 20/04/17 14:39, Gervase Markham wrote:
> So I propose removing it, and reformatting the section accordingly.
Edit made as proposed.
Gerv
___
dev-security-policy mailing list
On 20/04/17 14:39, Gervase Markham wrote:
> So I propose removing it, and reformatting the section accordingly.
Edit made as proposed.
Gerv
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
I strongly support removing any ambiguity about CAs not being required to
police certificate issuance, and agree on the unuseful level of
subjectivity that would be present in any attempt to enforce this clause.
-- Eric
On Thu, Apr 20, 2017 at 7:11 PM, Matt Palmer via dev-security-policy <
+1 to what sounds like a perfectly reasonable position
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
Section 7.1 of the policy says that we reserve the right not to include
certificates from a CA which has:
"knowingly issue certificates that appear to be intended for fraudulent
use."
There are a few problems with this.
* It's only in the inclusion section.
* It's really subjective - how could
11 matches
Mail list logo