On Mon, Oct 21, 2019 at 6:49 PM Wayne Thayer wrote:
> Here are the proposed changes:
> * Reinstate Mozilla's revocation requirements for S/MIME certificates:
> https://github.com/mozilla/pkipolicy/commit/e6337bb76a4522da15aeb7c0862b6cc05d317814
> (replacing the original 2.7 proposal with the
Here are the proposed changes:
* Reinstate Mozilla's revocation requirements for S/MIME certificates:
https://github.com/mozilla/pkipolicy/commit/e6337bb76a4522da15aeb7c0862b6cc05d317814
(replacing the original 2.7 proposal with the older Root Store policy
requirements)
* Require revocation when a
Dear Wayne,
Please consider the fact that S/MIME is focused on "signature"
Certificates which has different considerations than "authentication"
Certificates. The baseline requirements (and their revocation
requirements) are focused on "authentication" Certificates. I believe
the revocation
On Tue, May 14, 2019 at 11:21 AM Kathleen Wilson via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 5/10/19 5:46 PM, Wayne Thayer wrote:
> > I've attempted to update section 6 to incorporate revocation requirements
> > for S/MIME certificates:
> >
> >
>
On 5/10/19 5:46 PM, Wayne Thayer wrote:
I've attempted to update section 6 to incorporate revocation requirements
for S/MIME certificates:
https://github.com/mozilla/pkipolicy/commit/15ad5b9180903b92b8f638c219740c0fb6ba0637
Note: since much of this language is copied directly from the BRs, if
illa-dev-security-pol...@lists.mozilla.org>
> Subject: Re: Policy 2.7 Proposal: Clarify Revocation Requirements for
> S/MIME Certificates
>
> Kathleen and Pedro,
>
> Thank you for raising these legitimate concerns. I continue to believe
> that a literal reading of the current
: Policy 2.7 Proposal: Clarify Revocation Requirements for S/MIME
Certificates
Kathleen and Pedro,
Thank you for raising these legitimate concerns. I continue to believe that a
literal reading of the current requirement is that it already does apply to
S/MIME certificates, and the discussion I
Kathleen and Pedro,
Thank you for raising these legitimate concerns. I continue to believe that
a literal reading of the current requirement is that it already does apply
to S/MIME certificates, and the discussion I mentioned supports that
interpretation.
I propose two new options to solve this
Hello,
my main concern about applying this would be that this would lead to forbid the
option to suspend a personal certificate.
On a side note about suspension... I was not active in the forums when this was
discussed and adopted and I'm sure there was a clear benefit on disallowing
Just want to make it very clear to everyone, that the proposal, to add
the following text to section 6 of Mozilla's Root Store Policy would
mean that certs constrained to id-kp-emailProtection (end-entity and
intermediate), i.e. S/MIME certs, would be subject to the same BR rules
and
On Fri, Apr 26, 2019 at 5:14 PM Wayne Thayer wrote:
> Section 6 ("Revocation") of Mozilla's Root Store Policy states:
>
> CAs MUST revoke Certificates that they have issued upon the occurrence of
>> any event listed in the appropriate subsection of section 4.9.1 of the
>> Baseline Requirements,
11 matches
Mail list logo