On 09/05/17 18:25, Doug Beattie wrote:
> I'm not clear on what you mean by CAs must use only the 10 Blessed Methods by
> 21st July 2017.
>
> I'm assuming this is the latest official draft:
>
> https://github.com/mozilla/pkipolicy/blob/master/rootstore/policy.md
Yes :-)
> Specifically, does t
ervase Markham via dev-security-policy
> Sent: Tuesday, May 9, 2017 12:58 PM
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Re: Policy 2.5 Proposal: Indicate direction of travel with respect to
> permitted domain validation methods
>
> On 01/05/17 10:13, Gervase Markham
On 01/05/17 10:13, Gervase Markham wrote:
> This would involve replacing section 2.2.3 of the policy with:
Incorporated as drafted. CAs should take note (from this change and from
the CA Communication) that Mozilla's policy is moving in the direction
of requiring the 10 Blessed Methods alone, an
On 03/05/17 21:31, Han Yuwei wrote:
> A question:How would a domain holder express denial for certain certificate
> requests?
Please can you post new questions as new threads rather than as replies
to existing threads on another topic?
The answer to your question is that they can define which CA
On Monday, 1 May 2017 22:02:58 UTC+1, Lee wrote:
> Maybe it's because I've worked with some incredibly bad auditors, but
> the way I read the proposal, doing anything other than one of those
> exact 10 methods is risking an audit failure.
> How would you word the policy to make it clear that whil
On 01/05/17 18:53, Lee wrote:
> You seem to be replacing a "meets or exceeds" requirement with a
> "strictly meets" requirement.
That is not particularly the intention. I think that the Baseline nature
of the Baseline Requirements means that CAs know it's generally OK to go
above and beyond what i
On Mon, May 1, 2017 at 5:02 PM, Lee via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> Maybe it's because I've worked with some incredibly bad auditors, but
> the way I read the proposal, doing anything other than one of those
> exact 10 methods is risking an audit failure.
On 5/1/17, Ryan Sleevi wrote:
> On Mon, May 1, 2017 at 1:53 PM, Lee via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> On 5/1/17, Gervase Markham via dev-security-policy
>> wrote:
>> > The last CA Communication laid down our policy of only permitting the
>> > 10
>> > B
On Mon, May 1, 2017 at 1:53 PM, Lee via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 5/1/17, Gervase Markham via dev-security-policy
> wrote:
> > The last CA Communication laid down our policy of only permitting the 10
> > Blessed Methods of domain validation. A CA Com
On 5/1/17, Gervase Markham via dev-security-policy
wrote:
> The last CA Communication laid down our policy of only permitting the 10
> Blessed Methods of domain validation. A CA Communication is an official
> vehicle for Mozilla Policy so this is now policy, but it's not reflected
> in the main po
10 matches
Mail list logo