On 18/08/17 04:37, Gervase Markham wrote:
> I've started a wiki page giving Mozilla expectations and best practices
> for CAs responding to a misissuance report. (No idea why I decided to
> write that now...)
>
> https://wiki.mozilla.org/CA/Responding_To_A_Misissuance
I have now removed the
> -Original Message-
> From: Gervase Markham [mailto:g...@mozilla.org]
> Sent: Friday, August 18, 2017 9:42 AM
> To: Doug Beattie <doug.beat...@globalsign.com>; richmoor...@gmail.com;
> mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Re: Responding to a m
On 18/08/17 13:03, Doug Beattie wrote:
> And if there is any guidance on processing misissuance reports for
> Name constrained sub-CA vs. not name constrained, that would be
> helpful also.
What parts of a response do you think might be different for
name-constrained sub-CAs?
Gerv
Hi Rich,
On 18/08/17 12:51, richmoor...@gmail.com wrote:
> Perhaps some explicit statements about sub-CAs would be helpful -
> detailing where responsibility lies and how a CA is required to deal
> with a sub-CA who is found to have misissued.
Do you specifically mean sub-CAs which are run by
zilla.org] On Behalf Of
> richmoore44--- via dev-security-policy
> Sent: Friday, August 18, 2017 7:51 AM
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Re: Responding to a misissuance
>
> Perhaps some explicit statements about sub-CAs would be helpful - detailing
> whe
Perhaps some explicit statements about sub-CAs would be helpful - detailing
where responsibility lies and how a CA is required to deal with a sub-CA who is
found to have misissued.
___
dev-security-policy mailing list
6 matches
Mail list logo