Re: Old roots to new roots best practice?

2017-09-28 Thread Gervase Markham via dev-security-policy
On 20/09/17 03:49, userwithuid wrote: >> I agree, Gerv's remarks are a bit confusing with respect to the concern. Ryan is polite. :-) > Wrt to the StartCom bulletpoint, I guess this was a mistake on Mozilla's part > then and should probably be acknowledged as such, @Gerv. Yes, I acknowledge tha

Re: Old roots to new roots best practice?

2017-09-19 Thread Ryan Sleevi via dev-security-policy
On Tue, Sep 19, 2017 at 10:49 PM, userwithuid via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Either way, in the specific case, StartCom, this criticism seems to be > inapplicable, as the revoked one was never deployed in the first place. I don't think that's a fair con

Re: Old roots to new roots best practice?

2017-09-19 Thread userwithuid via dev-security-policy
On Monday, September 18, 2017 at 1:58:03 AM UTC, Ryan Sleevi wrote: > I agree, Gerv's remarks are a bit confusing with respect to the concern. > You are correct that the process of establishing a new root generally > involves the creation of a self-signed certificate, and then any > cross-signing t

Re: Old roots to new roots best practice?

2017-09-18 Thread Ryan Sleevi via dev-security-policy
-policy > [mailto:dev-security-policy-bounces+ben=digicert@lists.mozilla.org] On > Behalf Of Ryan Sleevi via dev-security-policy > Sent: Sunday, September 17, 2017 7:57 PM > To: userwithuid > Cc: mozilla-dev-security-policy > > Subject: Re: Old roots to new roots best practi

RE: Old roots to new roots best practice?

2017-09-18 Thread Ben Wilson via dev-security-policy
PM To: userwithuid Cc: mozilla-dev-security-policy Subject: Re: Old roots to new roots best practice? Hi there, I agree, Gerv's remarks are a bit confusing with respect to the concern. You are correct that the process of establishing a new root generally involves the creation of a self-signed c

Re: Old roots to new roots best practice?

2017-09-17 Thread Ryan Sleevi via dev-security-policy
Hi there, I agree, Gerv's remarks are a bit confusing with respect to the concern. You are correct that the process of establishing a new root generally involves the creation of a self-signed certificate, and then any cross-signing that happens conceptually creates an 'intermediate' - so you have

Re: Old roots to new roots best practice?

2017-09-17 Thread userwithuid via dev-security-policy
Forgot the links: [1] https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/hNOJJrN6WfE [2] https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/RJHPWUd93xE/RqnC3brRBQAJ [3] https://crt.sh/?spkisha256=fbe3018031f9586bcbf41727e417b7d1c45c2f47f93be372a17b96b50757d5a2 [4