Re: Policy 2.6 Proposal: Update domain validation requirements

2018-03-29 Thread Ryan Sleevi via dev-security-policy
On Fri, Mar 23, 2018 at 6:22 PM, Wayne Thayer via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > I've drafted these changes: > https://github.com/mozilla/pkipolicy/commit/e5269ff0d6ced93a6c6af65947712b > 8e4b2e18b8 > > On Tue, Mar 20, 2018 at 9:57 AM, Tim Hollebeek > > wrot

Re: Policy 2.6 Proposal: Update domain validation requirements

2018-03-23 Thread Wayne Thayer via dev-security-policy
I've drafted these changes: https://github.com/mozilla/pkipolicy/commit/e5269ff0d6ced93a6c6af65947712b8e4b2e18b8 On Tue, Mar 20, 2018 at 9:57 AM, Tim Hollebeek wrote: > > > * Add a new bullet on IP Address validation that forbids the use of BR > > 3.2.2.5(4) (“any other method”) and requires dis

RE: Policy 2.6 Proposal: Update domain validation requirements

2018-03-20 Thread Tim Hollebeek via dev-security-policy
other disclosed or undisclosed methods. -Tim From: Wayne Thayer [mailto:wtha...@mozilla.com] Sent: Tuesday, March 20, 2018 5:08 PM To: Tim Hollebeek Cc: mozilla-dev-security-policy Subject: Re: Policy 2.6 Proposal: Update domain validation requirements Tim, On Tue, Mar 20, 2018 at 9

Re: Policy 2.6 Proposal: Update domain validation requirements

2018-03-20 Thread Wayne Thayer via dev-security-policy
Tim, On Tue, Mar 20, 2018 at 9:57 AM, Tim Hollebeek wrote: > > > * Add a new bullet on IP Address validation that forbids the use of BR > > 3.2.2.5(4) (“any other method”) and requires disclosure of IP Address > > validation processes in the CA’s CP/CPS. > > This is a bit premature. Most CA's I

Re: Policy 2.6 Proposal: Update domain validation requirements

2018-03-20 Thread Ryan Sleevi via dev-security-policy
On Mon, Mar 19, 2018 at 6:32 PM, Wayne Thayer via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Section 2.2(3) defines very specific requirements for use of the BR 3.2.2.4 > domain validation methods. Now that 3.2.2.4.11 (“any other method”) has > been removed from the BRs

Policy 2.6 Proposal: Update domain validation requirements

2018-03-19 Thread Wayne Thayer via dev-security-policy
Section 2.2(3) defines very specific requirements for use of the BR 3.2.2.4 domain validation methods. Now that 3.2.2.4.11 (“any other method”) has been removed from the BRs and ballot 218 [1] has passed, the Mozilla policy is out-of-date. I propose the following changes: * Remove the reference to