Re: Root Store Policy 2.6

2018-06-21 Thread Wayne Thayer via dev-security-policy
Version 2.6 of the policy has been reviewed and (with some minor changes to section 7.3) approved by Mozilla's Legal department. I've set the effective date to July 1, 2018 and requested publication of the new version. Meanwhile, it can be found here:

Re: Root Store Policy 2.6

2018-05-18 Thread Wayne Thayer via dev-security-policy
I have incorporated the final changes from our policy discussions, as well as some corrections and clarifications that Kathleen and I found during our review, into the latest draft of the policy: https://github.com/mozilla/pkipolicy/compare/master...2.6 I would encourage everyone to review the

Re: Root Store Policy 2.6

2018-05-11 Thread Wayne Thayer via dev-security-policy
We're concluding discussions on all of the issues identified for version 2.6 of the policy [1]. You can find a complete set of changes here: https://github.com/mozilla/pkipolicy/compare/master...2.6 Two of the changes [2][3] require CAs to update their CP/CPS. For many CAs the current practice

Re: Root Store Policy 2.6

2018-03-19 Thread Wayne Thayer via dev-security-policy
There are 17 proposed changes in total for version 2.6 of the policy, and I'm about to kick off discussions on the first batch. I expect some of these to be straightforward while others will hopefully generate good dialogues. As always, everyone's constructive input is appreciated. Thanks, Wayne

Re: Root Store Policy 2.6

2018-02-21 Thread Wayne Thayer via dev-security-policy
I've added the issue of subordinate CA transfers to the list for policy version 2.6: https://github.com/mozilla/pkipolicy/issues/122 On Tue, Feb 20, 2018 at 4:50 PM, Ryan Sleevi wrote: > > > On Tue, Feb 20, 2018 at 6:19 PM, Wayne Thayer wrote: > >> Ryan,

Re: Root Store Policy 2.6

2018-02-20 Thread Ryan Sleevi via dev-security-policy
On Tue, Feb 20, 2018 at 6:19 PM, Wayne Thayer wrote: > Ryan, > > On Fri, Feb 16, 2018 at 3:19 PM, Ryan Sleevi wrote: > >> >> Hi Wayne, >> >> One point of possible clarification that should be undertaken is with >> respect to

Re: Root Store Policy 2.6

2018-02-20 Thread Wayne Thayer via dev-security-policy
Ryan, On Fri, Feb 16, 2018 at 3:19 PM, Ryan Sleevi wrote: > > Hi Wayne, > > One point of possible clarification that should be undertaken is with > respect to https://github.com/mozilla/pkipolicy/blob/master/rootstore/policy.md#8-ca-operational-changes > > While this section

RE: Root Store Policy 2.6

2018-02-20 Thread Stephen Davidson via dev-security-policy
Hello: I am following up regarding Ryan's comments relating to the DarkMatter external CAs signed by QuoVadis. In short: * QuoVadis has been transparent with Mozilla regarding these CAs throughout their existence, with the latest discussion occurring in the autumn of 2017 (see

Re: Root Store Policy 2.6

2018-02-16 Thread Ryan Sleevi via dev-security-policy
On Fri, Feb 16, 2018 at 3:41 PM, Wayne Thayer via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > I have begun work on version 2.6 of the Root Store Policy by drafting some > changes that are [I hope] uncontroversial. The diff can be viewed at >

Root Store Policy 2.6

2018-02-16 Thread Wayne Thayer via dev-security-policy
I have begun work on version 2.6 of the Root Store Policy by drafting some changes that are [I hope] uncontroversial. The diff can be viewed at https://github.com/mozilla/pkipolicy/compare/2.6 The changes I have already drafted are: - Require disclosure of email validation practices in CPS