Re: CAA policy - ComodoCA or Sectigo?

2019-02-05 Thread Wayne Thayer via dev-security-policy
On Tue, Feb 5, 2019 at 11:55 AM Matthias van de Meent via dev-security-policy wrote: > On Tue, 5 Feb 2019 at 16:58, Ryan Sleevi wrote: > > > CAs are not presently required to disclose those profiles in that > detail, but it sounds as if the issue is that Sectigo did not update the > CP/CPS

Re: CAA policy - ComodoCA or Sectigo?

2019-02-05 Thread Matthias van de Meent via dev-security-policy
On Tue, 5 Feb 2019 at 16:58, Ryan Sleevi wrote: > > On Tue, Feb 5, 2019 at 6:37 AM Matthias van de Meent > wrote: >> >> I agree that sectigo hosts a CPS which meets the requirements for them >> to issue a certificate for the website. The issue is different here, >> though. >> >> The apparent

Re: CAA policy - ComodoCA or Sectigo?

2019-02-05 Thread Matthias van de Meent via dev-security-policy
On Tue, 5 Feb 2019 at 18:05, Robin Alden wrote: > > Wayne, Mattias, > We have a post-rebrand CPS which is almost ready to publish and has > a new Certificate Profiles section. Thanks for the heads-up, is there a projected timeframe in which this new CPS will be available? > To the OP's

RE: CAA policy - ComodoCA or Sectigo?

2019-02-05 Thread Robin Alden via dev-security-policy
> To: Matthias van de Meent > Cc: Ryan Sleevi ; MDSP pol...@lists.mozilla.org> > Subject: Re: CAA policy - ComodoCA or Sectigo? > > On Tue, Feb 5, 2019 at 4:37 AM Matthias van de Meent via > dev-security-policy wrote: > > > On Mon, 4 Feb 2019 at 18:06, Ryan Sleevi

Re: CAA policy - ComodoCA or Sectigo?

2019-02-05 Thread Ryan Sleevi via dev-security-policy
On Tue, Feb 5, 2019 at 6:37 AM Matthias van de Meent < matthias.vandeme...@cofano.nl> wrote: > I agree that sectigo hosts a CPS which meets the requirements for them > to issue a certificate for the website. The issue is different here, > though. > > The apparent signee (ComodoCA/Sectigo) has

Re: CAA policy - ComodoCA or Sectigo?

2019-02-05 Thread Wayne Thayer via dev-security-policy
On Tue, Feb 5, 2019 at 4:37 AM Matthias van de Meent via dev-security-policy wrote: > On Mon, 4 Feb 2019 at 18:06, Ryan Sleevi wrote: > > > > On Mon, Feb 4, 2019 at 10:46 AM Matthias van de Meent via > dev-security-policy wrote: > >> > >> Hi, > >> > >> Today we've bought a wildcard certificate

Re: CAA policy - ComodoCA or Sectigo?

2019-02-05 Thread Matthias van de Meent via dev-security-policy
On Mon, 4 Feb 2019 at 18:06, Ryan Sleevi wrote: > > On Mon, Feb 4, 2019 at 10:46 AM Matthias van de Meent via dev-security-policy > wrote: >> >> Hi, >> >> Today we've bought a wildcard certificate [0] for our cofano.io domain >> from Sectigo (previously ComodoCA) via a reseller. Our CAA policy

Re: CAA policy - ComodoCA or Sectigo?

2019-02-04 Thread Ryan Sleevi via dev-security-policy
On Mon, Feb 4, 2019 at 10:46 AM Matthias van de Meent via dev-security-policy wrote: > Hi, > > Today we've bought a wildcard certificate [0] for our cofano.io domain > from Sectigo (previously ComodoCA) via a reseller. Our CAA policy > describes that only "comodoca.com" can issue wildcards. The