Re: Policy 2.7.1: MRSP Issue #218: Clarify CRL requirements for End Entity Certificates

2021-03-08 Thread Ben Wilson via dev-security-policy
records)? >>> > >>> > Relatedly, "A CA technically capable of...that the CCADB field" seems >>> > wrong. CCADB "CA Owner" records don't/won't contain the new field(s). >>> > Similar language elsewhere in the policy (section

Re: Policy 2.7.1: MRSP Issue #218: Clarify CRL requirements for End Entity Certificates

2021-02-25 Thread Ben Wilson via dev-security-policy
than "All >> > CAs..."). >> > >> > Technically-constrained intermediate certs don't have to be disclosed to >> > CCADB, but "in all situations where the CA is enabled for server >> > certificate issuance" clearly includes technic

Re: Policy 2.7.1: MRSP Issue #218: Clarify CRL requirements for End Entity Certificates

2021-01-25 Thread Aaron Gable via dev-security-policy
closed to > > CCADB, but "in all situations where the CA is enabled for server > > certificate issuance" clearly includes technically-constrained > > intermediates. How would a CA populate the "Full CRL Issued By This CA" > > field for a technically-constr

Re: Policy 2.7.1: MRSP Issue #218: Clarify CRL requirements for End Entity Certificates

2021-01-24 Thread Ben Wilson via dev-security-policy
intermediates. How would a CA populate the "Full CRL Issued By This CA" > field for a technically-constrained intermediate cert that has > (legitimately) not been disclosed to CCADB? > > ------------------ > *From:* dev-security-policy > on behalf of Ben W

Re: Policy 2.7.1: MRSP Issue #218: Clarify CRL requirements for End Entity Certificates

2021-01-13 Thread Rob Stradling via dev-security-policy
been disclosed to CCADB? ________ From: dev-security-policy on behalf of Ben Wilson via dev-security-policy Sent: 08 January 2021 01:00 To: mozilla-dev-security-policy Subject: Policy 2.7.1: MRSP Issue #218: Clarify CRL requirements for End Entity Certificates CAUTION:

Re: Policy 2.7.1: MRSP Issue #218: Clarify CRL requirements for End Entity Certificates

2021-01-13 Thread Corey Bonnell via dev-security-policy
Hi Ben, A few follow-up questions and comments: 1) What are the expectations regarding availability for such CRLs? Do the availability requirements in BR 4.10.2 stand for these CRLs even if such CRL pointers are not encoded in end-entity certificates? 2) What is the expectation for populating th

Re: Policy 2.7.1: MRSP Issue #218: Clarify CRL requirements for End Entity Certificates

2021-01-11 Thread Ryan Hurst via dev-security-policy
On Thursday, January 7, 2021 at 5:00:46 PM UTC-8, Ben Wilson wrote: > This is the last issue that I have marked for discussion in relation to > version 2.7.1 of the Mozilla Root Store Policy > . > > It is iden

Policy 2.7.1: MRSP Issue #218: Clarify CRL requirements for End Entity Certificates

2021-01-07 Thread Ben Wilson via dev-security-policy
This is the last issue that I have marked for discussion in relation to version 2.7.1 of the Mozilla Root Store Policy . It is identified and discussed in GitHub Issue #218