A few additional points:
First off, thank you Rob and James for calling out unacceptable list
behavior. Personal attacks will not be tolerated from anyone on this list.
On Thu, Sep 27, 2018 at 10:26 AM Ryan Sleevi wrote:
>
> On Thu, Sep 27, 2018 at 11:17 AM Jeremy Rowley
> wrote:
>
>> Oh – I
On Thu, Sep 27, 2018 at 11:17 AM Jeremy Rowley
wrote:
> Oh – I totally agree with you on the Google inclusion issue. Google meets
> the requirements for inclusion in Mozilla’s root policy so there’s no
> reason to exclude them. They have an audited CPS, support a community
> broader with certs
Services Root Inclusion Request
On Wed, Sep 26, 2018 at 12:04 PM Jeremy Rowley mailto:jeremy.row...@digicert.com> > wrote:
I also should also emphasize that I’m speaking as Jeremy Rowley, not as
DigiCert.
Note that I didn’t say Google controlled the policy. However, as a modul
raised.
From: Wayne Thayer
Sent: Wednesday, September 26, 2018 3:39 PM
To: Ryan Sleevi
Cc: Jeremy Rowley ; mozilla-dev-security-policy
Subject: Re: Google Trust Services Root Inclusion Request
I'm disputing the conclusion that is being drawn from Jake's concerns, rather
than
Richard,
Unfortunately Gerv is no longer with us, so he cannot respond to this
accusation. Having been involved in many discussions on m.d.s.p and with
Gerv directly, I am very sure Gerv deeply owned the decisions on StartCom
and WoSign. It was by no means Ryan telling Gerv or Mozilla what to
>
> Richard Wang
>
> Original Message ----
> From: Ryan Sleevi via dev-security-policy
> Received: Thursday, 27 September 2018 00:53
> To: Jeremy Rowley
> Cc: Ryan Sleevi ; mozilla-dev-security-policy
> Subject: Re: Google Trust Services Root Inclusion Request
>
On Wed, 26 Sep 2018 23:02:45 +0100
Nick Lamb via dev-security-policy
wrote:
> Thinking back to, for example, TSYS, my impression was that my post on
> the Moral Hazard from granting this exception had at least as much
> impact as you could expect for any participant. Mozilla declined to
>
有Lets
> Encrypt证书,谷歌浏览器显示为安全,完全误导了全球互联网用户,导致许多用户上当受骗和财产损失。已加密并不等于安全,安全不仅意味着需要加密,而且还需要告知用户此网站的真实身份,一个假冒银行网站加密有任何意义吗?没有并且更糟糕。
> >
> >
> > Best Regards,
> >
> > Richard Wang
> >
> > Original Message
> > From: Ryan Sleevi via dev-security-pol
更糟糕。
>
>
> Best Regards,
>
> Richard Wang
>
> Original Message ----
> From: Ryan Sleevi via dev-security-policy
> Received: Thursday, 27 September 2018 00:53
> To: Jeremy Rowley
> Cc: Ryan Sleevi ; mozilla-dev-security-policy
> Subject: Re:
Best Regards,
Richard Wang
Original Message
From: Ryan Sleevi via dev-security-policy
Received: Thursday, 27 September 2018 00:53
To: Jeremy Rowley
Cc: Ryan Sleevi ; mozilla-dev-security-policy
Subject: Re: Google Trust Services Root Inclusion Request
On Wed, Sep 26, 2018 at 12:04 PM J
ssage
From: Ryan Sleevi via dev-security-policy
Received: Thursday, 27 September 2018 00:44
To: Richard Wang
Cc: Ryan Sleevi ; mozilla-dev-security-policy ; Jeremy Rowley
Subject: Re: Re: Google Trust Services Root Inclusion Request
Hi Richard,
A few corrections:
On Wed, Sep 26, 2018
On Wed, 26 Sep 2018 16:03:58 +
Jeremy Rowley via dev-security-policy
wrote:
> Note that I didn’t say Google controlled the policy. However, as a
> module peer, Google does have significant influence over the policy
> and what CAs are trusted by Mozilla. Although everyone can
> participate in
I'm disputing the conclusion that is being drawn from Jake's concerns,
rather than the concerns themselves. Primarily, I disagree with the
conclusion that because Google owns a browser with dominant market share
and - due to the substantial contributions they make here - because Google
has
On Wed, Sep 26, 2018 at 12:04 PM Jeremy Rowley
wrote:
> I also should also emphasize that I’m speaking as Jeremy Rowley, not as
> DigiCert.
>
>
>
> Note that I didn’t say Google controlled the policy. However, as a module
> peer, Google does have significant influence over the policy and what
Hi Richard,
A few corrections:
On Wed, Sep 26, 2018 at 11:36 AM Richard Wang via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Ryan mentioned WoSign/StartCom and 360, so I like to say some words.
>
> First, I think your idea is not a proper metaphor because 360 browser
>
Sent: Wednesday, September 26, 2018 12:43 AM
To: Jeremy Rowley
Cc: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Google Trust Services Root Inclusion Request
(While covered in https://wiki.mozilla.org/CA/Policy_Participants , I'm going
to emphasize that this response
you for still remembering WoSign.
Best Regards,
Richard Wang
Original message
From: Ryan Sleevi via dev-security-policy
Received: 2018-09-26 14:48:28
To: Jeremy Rowley
Cc: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Google Trust Services Root Inclusion Request
On 26/09/2018 09:43 πμ, Ryan Sleevi via dev-security-policy wrote:
> (While covered in https://wiki.mozilla.org/CA/Policy_Participants , I'm
> going to emphasize that this response is in a personal capacity)
>
> On Wed, Sep 26, 2018 at 12:10 AM Jeremy Rowley via dev-security-policy <
>
(While covered in https://wiki.mozilla.org/CA/Policy_Participants , I'm
going to emphasize that this response is in a personal capacity)
On Wed, Sep 26, 2018 at 12:10 AM Jeremy Rowley via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Jake's concern is legit if you believe
On Mon, 17 Sep 2018 18:41:07 -0500
Jake Weisz via dev-security-policy
wrote:
> I guess under this logic, I withdraw my protest. As you say, Google
> could simply start using these certificates, and Mozilla executives
> would force you to accept them regardless of any policy violations in
> order
A few thoughts, inlined below...
On Monday, September 17, 2018 at 6:42:29 PM UTC-5, Jake Weisz wrote:
> I guess under this logic, I withdraw my protest. As you say, Google
> could simply start using these certificates, and Mozilla executives
> would force you to accept them regardless of any
I guess under this logic, I withdraw my protest. As you say, Google
could simply start using these certificates, and Mozilla executives
would force you to accept them regardless of any policy violations in
order to keep people using Firefox. This whole process appears to
mostly just be a veneer of
On Mon, Sep 17, 2018 at 3:19 PM jtness--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> The risk of any given browser vendor also being a Root CA is small as most
> browser vendors do not have the requisite market share to make unilateral
> decisions. Google
On Monday, September 17, 2018 at 1:18:47 PM UTC-5, Wayne Thayer wrote:
> On Mon, Sep 17, 2018 at 9:43 AM Wayne Thayer wrote:
>
> > Even though the discussion period has ended, Mozilla will continue to
> > consider factual information that is submitted as comments here:
> >
On Mon, Sep 17, 2018 at 9:43 AM Wayne Thayer wrote:
> Even though the discussion period has ended, Mozilla will continue to
> consider factual information that is submitted as comments here:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1325532
>
> Your concern about "without comment and then
Even though the discussion period has ended, Mozilla will continue to
consider factual information that is submitted as comments here:
https://bugzilla.mozilla.org/show_bug.cgi?id=1325532
Your concern about "without comment and then get approved" may stem from a
misunderstanding of Mozilla's
I am disappointed I didn't see this before the three week comment period,
because this is an incredible disaster. Mozilla is seriously considering
permitting a company with a completely unilateral ability to shut other Root
CAs down (via their market share over Chrome and Android, and that the
The three week discussion period for this inclusion request has passed with
no comments received. I am now closing
this discussion with a recommendation to approve this request. Any further
comments should be added directly to the bug.
- Wayne
On Thu, Aug 23, 2018 at 3:58 PM Wayne Thayer wrote:
28 matches
Mail list logo