Re: Policy 2.5 Proposal: Indicate direction of travel with respect to permitted domain validation methods

2017-05-10 Thread Gervase Markham via dev-security-policy
On 09/05/17 18:25, Doug Beattie wrote: > I'm not clear on what you mean by CAs must use only the 10 Blessed Methods by > 21st July 2017. > > I'm assuming this is the latest official draft: > > https://github.com/mozilla/pkipolicy/blob/master/rootstore/policy.md Yes :-) > Specifically, does

RE: Policy 2.5 Proposal: Indicate direction of travel with respect to permitted domain validation methods

2017-05-09 Thread Doug Beattie via dev-security-policy
Gerv, I'm not clear on what you mean by CAs must use only the 10 Blessed Methods by 21st July 2017. I'm assuming this is the latest official draft: https://github.com/mozilla/pkipolicy/blob/master/rootstore/policy.md Specifically, does this mean all new domain validations must conform to

Re: Policy 2.5 Proposal: Indicate direction of travel with respect to permitted domain validation methods

2017-05-09 Thread Gervase Markham via dev-security-policy
On 01/05/17 10:13, Gervase Markham wrote: > This would involve replacing section 2.2.3 of the policy with: Incorporated as drafted. CAs should take note (from this change and from the CA Communication) that Mozilla's policy is moving in the direction of requiring the 10 Blessed Methods alone,

Re: Policy 2.5 Proposal: Indicate direction of travel with respect to permitted domain validation methods

2017-05-04 Thread Gervase Markham via dev-security-policy
On 03/05/17 21:31, Han Yuwei wrote: > A question: How would a domain holder express denial for certain certificate > requests? Please can you post new questions as new threads rather than as replies to existing threads on another topic? The answer to your question is that they can define which

Re: Policy 2.5 Proposal: Indicate direction of travel with respect to permitted domain validation methods

2017-05-03 Thread Nick Lamb via dev-security-policy
On Monday, 1 May 2017 22:02:58 UTC+1, Lee wrote: > Maybe it's because I've worked with some incredibly bad auditors, but > the way I read the proposal, doing anything other than one of those > exact 10 methods is risking an audit failure. > How would you word the policy to make it clear that

Re: Policy 2.5 Proposal: Indicate direction of travel with respect to permitted domain validation methods

2017-05-02 Thread Gervase Markham via dev-security-policy
On 01/05/17 18:53, Lee wrote: > You seem to be replacing a "meets or exceeds" requirement with a > "strictly meets" requirement. That is not particularly the intention. I think that the Baseline nature of the Baseline Requirements means that CAs know it's generally OK to go above and beyond what

Re: Policy 2.5 Proposal: Indicate direction of travel with respect to permitted domain validation methods

2017-05-01 Thread Ryan Sleevi via dev-security-policy
On Mon, May 1, 2017 at 5:02 PM, Lee via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > > Maybe it's because I've worked with some incredibly bad auditors, but > the way I read the proposal, doing anything other than one of those > exact 10 methods is risking an audit

Re: Policy 2.5 Proposal: Indicate direction of travel with respect to permitted domain validation methods

2017-05-01 Thread Lee via dev-security-policy
On 5/1/17, Ryan Sleevi wrote: > On Mon, May 1, 2017 at 1:53 PM, Lee via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > >> On 5/1/17, Gervase Markham via dev-security-policy >> wrote: >> > The last CA Communication

Re: Policy 2.5 Proposal: Indicate direction of travel with respect to permitted domain validation methods

2017-05-01 Thread Ryan Sleevi via dev-security-policy
On Mon, May 1, 2017 at 1:53 PM, Lee via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On 5/1/17, Gervase Markham via dev-security-policy > wrote: > > The last CA Communication laid down our policy of only permitting the 10 > >

Re: Policy 2.5 Proposal: Indicate direction of travel with respect to permitted domain validation methods

2017-05-01 Thread Lee via dev-security-policy
On 5/1/17, Gervase Markham via dev-security-policy wrote: > The last CA Communication laid down our policy of only permitting the 10 > Blessed Methods of domain validation. A CA Communication is an official > vehicle for Mozilla Policy so this is now policy,