Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

2021-01-24 Thread Ben Wilson via dev-security-policy
In line with the proposed hyperlink to https://wiki.mozilla.org/CA/EV_Processing_for_CAs#EV_TLS_Capable from "capable of issuing EV certificates" (see Issue #147), then I don't think the proposed parenthetical is necessary anymore, and I think this issue can be considered resolved without needing t

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

2020-11-06 Thread Kathleen Wilson via dev-security-policy
>> For this MRSP Issue #152 update to v2.7.1, I propose that we make each >> occurrence of "capable of issuing EV certificates" link to >> https://wiki.mozilla.org/CA/EV_Processing_for_CAs#EV_TLS_Capable In the definition of EV TLS Capable, I'd move the last bullet up to the top. Done. Thanks

RE: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

2020-11-06 Thread Tim Hollebeek via dev-security-policy
son via dev-security-policy > Sent: Thursday, November 5, 2020 7:28 PM > To: Mozilla > Subject: Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy > Constraints > > On 10/16/20 11:26 PM, Ryan Sleevi wrote: > > Because of this, it seems that there is a simpler,

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

2020-11-05 Thread Kathleen Wilson via dev-security-policy
On 10/16/20 11:26 PM, Ryan Sleevi wrote: Because of this, it seems that there is a simpler, clearer, unambiguous path for CAs that seems useful to move to: - If a CA is trusted for purpose X, that certificate, and all subordinate CAs, should be audited against the criteria relevant for X I am

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

2020-10-18 Thread Nick Lamb via dev-security-policy
On Thu, 15 Oct 2020 14:36:15 -0600 Ben Wilson via dev-security-policy wrote: > Possible language is presented here: > https://github.com/BenWilson-Mozilla/pkipolicy/commit/c1acc76ad9f05038dc82281532fb215d71d537d4 I write this fully expecting to be corrected on the substance but I have spent a da

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

2020-10-17 Thread Ryan Sleevi via dev-security-policy
On Sat, Oct 17, 2020 at 3:48 PM Ben Wilson wrote: > Ryan wrote: > > > If we apply this concept to the proposed language, then the requirement > for an EV audit is > > simply about whether there is any unexpired, unrevoked path to a root CA > which can issue > > EV certificates. Similarly, checkin

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

2020-10-17 Thread Ben Wilson via dev-security-policy
Ryan wrote: > If we apply this concept to the proposed language, then the requirement for an EV audit is > simply about whether there is any unexpired, unrevoked path to a root CA which can issue > EV certificates. Similarly, checking the scope for an EV audit becomes “the entire hierarchy”. > T

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

2020-10-16 Thread Ryan Sleevi via dev-security-policy
On Thu, Oct 15, 2020 at 4:36 PM Ben Wilson via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > This issue is presented for resolution in the next version of the Mozilla > Root Store Policy. It is related to Issue #147 > (prev

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

2020-10-16 Thread Ryan Sleevi via dev-security-policy
On Fri, Oct 16, 2020 at 9:20 AM Dimitris Zacharopoulos wrote: > > > On 2020-10-16 3:21 μ.μ., Ryan Sleevi wrote: > > > > On Fri, Oct 16, 2020 at 7:31 AM Dimitris Zacharopoulos via > dev-security-policy wrote: > >> >> >> On 2020-10-15 11:36 μ.μ., Ben Wilson via dev-security-policy wrote: >> > Th

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

2020-10-16 Thread Dimitris Zacharopoulos via dev-security-policy
On 2020-10-16 3:21 μ.μ., Ryan Sleevi wrote: On Fri, Oct 16, 2020 at 7:31 AM Dimitris Zacharopoulos via dev-security-policy > wrote: On 2020-10-15 11:36 μ.μ., Ben Wilson via dev-security-policy wrote: >   This issue is presented for re

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

2020-10-16 Thread Rob Stradling via dev-security-policy
_ From: Dimitris Zacharopoulos Sent: 16 October 2020 12:48 To: Rob Stradling ; Ben Wilson ; mozilla-dev-security-policy Subject: Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints CAUTION: This email originated from outside of the organization. Do not

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

2020-10-16 Thread Ryan Sleevi via dev-security-policy
On Fri, Oct 16, 2020 at 7:31 AM Dimitris Zacharopoulos via dev-security-policy wrote: > > > On 2020-10-15 11:36 μ.μ., Ben Wilson via dev-security-policy wrote: > > This issue is presented for resolution in the next version of the > Mozilla > > Root Store Policy. It is related to Issue #147 > >

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

2020-10-16 Thread Dimitris Zacharopoulos via dev-security-policy
rafting a PR here: https://github.com/robstradling/pkipolicy/pull/1 *From:* dev-security-policy on behalf of Dimitris Zacharopoulos via dev-security-policy *Sent:* 16 October 2020 12:31 *To:* Ben Wilson ; mozilla-dev-security-policy *Subject:* Re: Policy 2.

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

2020-10-16 Thread Rob Stradling via dev-security-policy
obstradling/pkipolicy/pull/1 From: dev-security-policy on behalf of Dimitris Zacharopoulos via dev-security-policy Sent: 16 October 2020 12:31 To: Ben Wilson ; mozilla-dev-security-policy Subject: Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Poli

Re: Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints

2020-10-16 Thread Dimitris Zacharopoulos via dev-security-policy
On 2020-10-15 11:36 μ.μ., Ben Wilson via dev-security-policy wrote: This issue is presented for resolution in the next version of the Mozilla Root Store Policy. It is related to Issue #147 (previously posted for discussion on this list on 6-Oc