Re: Public disclosure of root ownership transfers (was: Re: Google Trust Services roots)

On Mon, Feb 13, 2017 at 4:14 AM, Gervase Markham via dev-security-policy wrote: > On 10/02/17 12:40, Inigo Barreira wrote: >> I see many "should" in this link. Basically those indicating "should notify >> Mozilla" and "should follow the physical relocation

RE: Public disclosure of root ownership transfers (was: Re: Google Trust Services roots)

=startcomca@lists.mozilla.org] On Behalf Of Gervase Markham via dev-security-policy Sent: lunes, 13 de febrero de 2017 13:15 To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Public disclosure of root ownership transfers (was: Re: Google Trust Services roots) Hi Inigo. On 10/02/17 12:40

RE: Public disclosure of root ownership transfers (was: Re: Google Trust Services roots)

gn.com>; mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Public disclosure of root ownership transfers (was: Re: Google Trust Services roots) On 10/02/17 06:15, Richard Wang wrote: > I think Mozilla should have a very clear policy for: > (1) If a company that not a public trusted CA acquired

Re: Public disclosure of root ownership transfers (was: Re: Google Trust Services roots)

On 10/02/17 05:10, Peter Bowen wrote: > On Thu, Feb 9, 2017 at 7:41 AM, Gervase Markham via >> A) The date Google took control of the GlobalSign roots >> B) The date Google publicly announced GTS >> >> you will see there's quite a big delta. If you assume Google told >> Mozilla about event A)

Re: Public disclosure of root ownership transfers (was: Re: Google Trust Services roots)

On 10/02/17 06:15, Richard Wang wrote: > I think Mozilla should have a very clear policy for: > (1) If a company that not a public trusted CA acquired a trusted root key, > what the company must do? > (2) If a company is a public trusted CA that acquired a trusted root key, > what the company

RE: Public disclosure of root ownership transfers (was: Re: Google Trust Services roots)

-security-policy Sent: Friday, February 10, 2017 1:10 PM To: Gervase Markham <g...@mozilla.org> Cc: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Public disclosure of root ownership transfers (was: Re: Google Trust Services roots) On Thu, Feb 9, 2017 at 7:41 AM, Gervase Markham v

Re: Public disclosure of root ownership transfers (was: Re: Google Trust Services roots)

On Thu, Feb 9, 2017 at 7:41 AM, Gervase Markham via dev-security-policy wrote: > On 09/02/17 14:32, Gijs Kruitbosch wrote: >> Would Mozilla's root program consider changing this requirement so that >> it *does* require public disclosure, or are there

Re: Public disclosure of root ownership transfers (was: Re: Google Trust Services roots)

On 09/02/17 14:32, Gijs Kruitbosch wrote: > Would Mozilla's root program consider changing this requirement so that > it *does* require public disclosure, or are there convincing reasons not > to? At first glance, it seems like 'guiding' CAs towards additional > transparency in the CA