Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

In line with the proposed hyperlink to https://wiki.mozilla.org/CA/EV_Processing_for_CAs#EV_TLS_Capable from "capable of issuing EV certificates" (see Issue #147), then I don't think the proposed parenthetical is necessary anymore, and I think this issue can be considered resolved without needing

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

>> For this MRSP Issue #152 update to v2.7.1, I propose that we make each >> occurrence of "capable of issuing EV certificates" link to >> https://wiki.mozilla.org/CA/EV_Processing_for_CAs#EV_TLS_Capable In the definition of EV TLS Capable, I'd move the last bullet up to the top. Done.

RE: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

urity-policy > Sent: Thursday, November 5, 2020 7:28 PM > To: Mozilla > Subject: Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy > Constraints > > On 10/16/20 11:26 PM, Ryan Sleevi wrote: > > Because of this, it seems that there is a simpler, clearer, >

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

On 10/16/20 11:26 PM, Ryan Sleevi wrote: Because of this, it seems that there is a simpler, clearer, unambiguous path for CAs that seems useful to move to: - If a CA is trusted for purpose X, that certificate, and all subordinate CAs, should be audited against the criteria relevant for X I am

AW: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

Hi everybody, this might not be closely connected to original topic, but allow me to comment on one issue below. Best regards Matthias > -Ursprüngliche Nachricht- > Von: dev-security-policy Im > Auftrag von Ryan Sleevi via dev-security-policy > Gesendet: Samstag, 17. Oktober 2020

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

On Thu, 15 Oct 2020 14:36:15 -0600 Ben Wilson via dev-security-policy wrote: > Possible language is presented here: > https://github.com/BenWilson-Mozilla/pkipolicy/commit/c1acc76ad9f05038dc82281532fb215d71d537d4 I write this fully expecting to be corrected on the substance but I have spent a

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

On Sat, Oct 17, 2020 at 3:48 PM Ben Wilson wrote: > Ryan wrote: > > > If we apply this concept to the proposed language, then the requirement > for an EV audit is > > simply about whether there is any unexpired, unrevoked path to a root CA > which can issue > > EV certificates. Similarly,

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

Ryan wrote: > If we apply this concept to the proposed language, then the requirement for an EV audit is > simply about whether there is any unexpired, unrevoked path to a root CA which can issue > EV certificates. Similarly, checking the scope for an EV audit becomes “the entire hierarchy”. >

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

On Thu, Oct 15, 2020 at 4:36 PM Ben Wilson via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > This issue is presented for resolution in the next version of the Mozilla > Root Store Policy. It is related to Issue #147 >

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

On Fri, Oct 16, 2020 at 9:20 AM Dimitris Zacharopoulos wrote: > > > On 2020-10-16 3:21 μ.μ., Ryan Sleevi wrote: > > > > On Fri, Oct 16, 2020 at 7:31 AM Dimitris Zacharopoulos via > dev-security-policy wrote: > >> >> >> On 2020-10-15 11:36 μ.μ., Ben Wilson via dev-security-policy wrote: >> >

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

On 2020-10-16 3:21 μ.μ., Ryan Sleevi wrote: On Fri, Oct 16, 2020 at 7:31 AM Dimitris Zacharopoulos via dev-security-policy > wrote: On 2020-10-15 11:36 μ.μ., Ben Wilson via dev-security-policy wrote: >   This issue is presented for

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

: Dimitris Zacharopoulos Sent: 16 October 2020 12:48 To: Rob Stradling ; Ben Wilson ; mozilla-dev-security-policy Subject: Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints CAUTION: This email originated from outside of the organization. Do not click lin

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

On Fri, Oct 16, 2020 at 7:31 AM Dimitris Zacharopoulos via dev-security-policy wrote: > > > On 2020-10-15 11:36 μ.μ., Ben Wilson via dev-security-policy wrote: > > This issue is presented for resolution in the next version of the > Mozilla > > Root Store Policy. It is related to Issue #147 > >

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

re: https://github.com/robstradling/pkipolicy/pull/1 *From:* dev-security-policy on behalf of Dimitris Zacharopoulos via dev-security-policy *Sent:* 16 October 2020 12:31 *To:* Ben Wilson ; mozilla-dev-security-policy *Subject:* Re: Policy 2.7.1: MRSP Issue

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

policy/pull/1 From: dev-security-policy on behalf of Dimitris Zacharopoulos via dev-security-policy Sent: 16 October 2020 12:31 To: Ben Wilson ; mozilla-dev-security-policy Subject: Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Cons

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

On 2020-10-15 11:36 μ.μ., Ben Wilson via dev-security-policy wrote: This issue is presented for resolution in the next version of the Mozilla Root Store Policy. It is related to Issue #147 (previously posted for discussion on this list on

Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

This issue is presented for resolution in the next version of the Mozilla Root Store Policy. It is related to Issue #147 (previously posted for discussion on this list on 6-Oct-2020). Possible language is presented here: