Re: Request to Include 4 Microsoft Root CAs

2020-04-01 Thread wthayer--- via dev-security-policy
I’d like to update everyone on the status of this Microsoft root inclusion request: After it was approved, Kathleen filed bug #1582254 [1] requesting that these four roots be added to NSS. Then it was pointed out in a different mozilla.dev.security.policy thread [2] that the roots submitted

Re: Request to Include 4 Microsoft Root CAs

2019-10-15 Thread Ryan Sleevi via dev-security-policy
(Replying for the correct address this time) On Fri, Aug 16, 2019 at 4:28 PM Jason via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Hi All, > > This is Jason from the Microsoft PKI Services team. I’d like to add some > context to the note about the certs issued from the

Re: Request to Include 4 Microsoft Root CAs

2019-09-11 Thread Wayne Thayer via dev-security-policy
Having received no further comments, I have recommended approval of this request in bug 1448093. - Wayne On Thu, Sep 5, 2019 at 5:16 PM Wayne Thayer wrote: > Microsoft will use the CAB Forum OID 2.23.140.1.1 for EV. > > Unless a CA has an existing EV policy OID associated with root(s) in our >

Re: Request to Include 4 Microsoft Root CAs

2019-09-05 Thread Wayne Thayer via dev-security-policy
Microsoft will use the CAB Forum OID 2.23.140.1.1 for EV. Unless a CA has an existing EV policy OID associated with root(s) in our program, we have been strongly encouraging the use of the CAB Forum OID. This request is past the 3-week minimum discussion period. If no significant comments are

Re: Request to Include 4 Microsoft Root CAs

2019-08-19 Thread Daniel Marschall via dev-security-policy
Hello, Is there an EV Policy OID assigned? I can't find it. - Daniel Am Mittwoch, 14. August 2019 00:42:44 UTC+2 schrieb Wayne Thayer: > This request is for inclusion of the Microsoft RSA Root Certificate > Authority 2017, Microsoft ECC Root Certificate Authority 2017, Microsoft EV > RSA Root

Re: Request to Include 4 Microsoft Root CAs

2019-08-16 Thread Jason via dev-security-policy
Hi All, This is Jason from the Microsoft PKI Services team. I’d like to add some context to the note about the certs issued from the Microsoft RSA Root Certificate Authority 2017. As you can see, these were all issued to a domain registered to Microsoft. While these clearly violate the Subject

Request to Include 4 Microsoft Root CAs

2019-08-13 Thread Wayne Thayer via dev-security-policy
This request is for inclusion of the Microsoft RSA Root Certificate Authority 2017, Microsoft ECC Root Certificate Authority 2017, Microsoft EV RSA Root Certificate Authority 2017, and Microsoft EV ECC Root Certificate Authority 2017 trust anchors as documented in the following bug: