One of the ways in which the number of organizations trusted to issue
for the WebPKI is extended is by an existing CA bestowing the power of
issuance upon a third party in the form of control of a
non-technically-constrained subCA. Examples of such are the Google and
Apple subCAs under GeoTrust, bu
I think this would be of great benefit to the community.
1) It provides meaningful opportunity to ensure that the Mozilla-specific
program requirements are being met. The spate of misissuances discussed in
the past few months have revealed an unfortunately common trend of CAs not
staying aware of
.beattie=globalsign@lists.mozilla.org] On Behalf Of
> Gervase Markham via dev-security-policy
> Sent: Tuesday, October 24, 2017 11:28 AM
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Proposed policy change: require private pre-notification of 3rd party
> subCAs
>
>
Hi Doug,
On 24/10/17 16:43, Doug Beattie wrote:
> I assume this applies equally to cross signing,
Yes.
> but not to "Vanity" CAs that are set up and run by the CA on behalf of a
> customer.
If you have physical control of the intermediate and control of
issuance, it doesn't apply.
Gerv
bject: RE: Proposed policy change: require private pre-notification of 3rd
party subCAs
Gerv,
I assume this applies equally to cross signing, but not to "Vanity" CAs that
are set up and run by the CA on behalf of a customer. Is that accurate?
Doug
> -Original Message-
&g
44 AM
To: Gervase Markham ;
mozilla-dev-security-pol...@lists.mozilla.org
Subject: RE: Proposed policy change: require private pre-notification of 3rd
party subCAs
Gerv,
I assume this applies equally to cross signing, but not to "Vanity" CAs that
are set up and run by the CA on behalf of a
24, 2017 9:44 AM
> To: Gervase Markham ;
> mozilla-dev-security-pol...@lists.mozilla.org
> Subject: RE: Proposed policy change: require private pre-notification of
> 3rd
> party subCAs
>
> Gerv,
>
> I assume this applies equally to cross signing, but not to "Vanity" CAs
> t
org> ] On
Behalf Of Doug Beattie via dev-security-policy
Sent: Tuesday, October 24, 2017 9:44 AM
To: Gervase Markham mailto:g...@mozilla.org> >;
mozilla-dev-security-pol...@lists.mozilla.org
<mailto:mozilla-dev-security-pol...@lists.mozilla.org>
Subject: RE: Proposed policy change: req
8 matches
Mail list logo
