Second Discussion of KIR S.A. Root Inclusion Request

Krajowa Izba Rozliczeniowa (KIR) S.A. has applied to include the "SZAFIR ROOT CA" root certificate and enable all three trust bits. The first discussion is here: https://groups.google.com/d/msg/mozilla.dev.security.policy/aNbK4zw_Zb8/ekmVXYXvfQ4J The action items resulting from the first discus

Second Discussion of KIR S.A. Root Inclusion Request

Please note that we have made changes in the CPS ad CP. You can find the documents here: http://www.elektronicznypodpis.pl/Documents They are waiting for aproval of our Management Board. We hope it will be accepted within a week. In CPS in section 3.2.2 we added in third paragraph: "Domain name

Re: Second Discussion of KIR S.A. Root Inclusion Request

On Mon, February 9, 2015 1:08 pm, Kathleen Wilson wrote: > Krajowa Izba Rozliczeniowa (KIR) S.A. has applied to include the "SZAFIR > ROOT CA" root certificate and enable all three trust bits. > > The first discussion is here: > > https://groups.google.com/d/msg/mozilla.dev.security.policy/aNb

Re: Second Discussion of KIR S.A. Root Inclusion Request

On Mon, Feb 9, 2015 at 4:19 PM, Ryan Sleevi wrote: > Section 3.2.2 describes a means for validating domain ownership that is > not described within Section 11.1.1 of the BR 1.2.3. In particular, it > uses the WHOIS information (described in 11.1.1 p3) in conjunction with > email (described in 11.1

Re: Second Discussion of KIR S.A. Root Inclusion Request

All, I have confirmed that KIR has made the changes listed below to their CPS and CP. CPS: http://www.elektronicznypodpis.pl/files/doc/certification_practice_statement.pdf CP: http://elektronicznypodpis.pl/files/doc/certification_policy.pdf Are there any further questions or comments about

Re: Second Discussion of KIR S.A. Root Inclusion Request

On Tue, March 3, 2015 12:32 pm, Kathleen Wilson wrote: > All, > I have confirmed that KIR has made the changes listed below to their CPS > and CP. > CPS: > > http://www.elektronicznypodpis.pl/files/doc/certification_practice_statement.pdf CP: http://elektronicznypodpis.pl/files/doc/certificat

Re: Second Discussion of KIR S.A. Root Inclusion Request

On 2/9/15 1:08 PM, Kathleen Wilson wrote: Krajowa Izba Rozliczeniowa (KIR) S.A. has applied to include the "SZAFIR ROOT CA" root certificate and enable all three trust bits. The first discussion is here: https://groups.google.com/d/msg/mozilla.dev.security.policy/aNbK4zw_Zb8/ekmVXYXvfQ4J The a

Re: Second Discussion of KIR S.A. Root Inclusion Request

On 4/6/15 2:06 PM, Kathleen Wilson wrote: On 2/9/15 1:08 PM, Kathleen Wilson wrote: Krajowa Izba Rozliczeniowa (KIR) S.A. has applied to include the "SZAFIR ROOT CA" root certificate and enable all three trust bits. The first discussion is here: https://groups.google.com/d/msg/mozilla.dev.secur

Re: Second Discussion of KIR S.A. Root Inclusion Request

On 4/8/15 10:12 AM, Kathleen Wilson wrote: On 4/6/15 2:06 PM, Kathleen Wilson wrote: On 2/9/15 1:08 PM, Kathleen Wilson wrote: Krajowa Izba Rozliczeniowa (KIR) S.A. has applied to include the "SZAFIR ROOT CA" root certificate and enable all three trust bits. The first discussion is here: https

Re: Second Discussion of KIR S.A. Root Inclusion Request

On 01/12/2015 19:26, Kathleen Wilson wrote: On 4/8/15 10:12 AM, Kathleen Wilson wrote: On 4/6/15 2:06 PM, Kathleen Wilson wrote: On 2/9/15 1:08 PM, Kathleen Wilson wrote: Krajowa Izba Rozliczeniowa (KIR) S.A. has applied to include the "SZAFIR ROOT CA" root certificate and enable all three tru

Re: Second Discussion of KIR S.A. Root Inclusion Request

On 12/1/15 3:53 PM, Jakob Bohm wrote: Just an aside: That 20 byte limit sounds like something in NSS hasn't been updated past SHA-1 yet! (I do know that certificate serial numbers are not really hash values in any verifiable way, but that is the historic design reason for setting the default

Re: Second Discussion of KIR S.A. Root Inclusion Request

On 12/1/15 10:26 AM, Kathleen Wilson wrote: Inclusion of the "SZAFIR ROOT CA" root certificate was approved. https://bugzilla.mozilla.org/show_bug.cgi?id=817994#c62 However, when we were testing the changes to include this root certificate, we noticed that the serial number was too long, so we

ODP: Re: Second Discussion of KIR S.A. Root Inclusion Request

erverAuth" EKU MUSTNOT be included in any certificate that does not conform to the "SSL"profile. Answer: Please, let us know if these explanations are enough. Then we will send the draft of CPS within a week. Od: "Ryan Sleevi" Do: "Kathleen Wilson"

ODP: Re: Second Discussion of KIR S.A. Root Inclusion Request

9.2.4(f); it just seems to describe additional controls on who KIR S.A will issue to. Is this correct? KIR's answer: Yes exactly. This is additional check as it is required in 11.2.5 BR. Od: "Ryan Sleevi" Do: "Kathleen Wilson" , DW: mozilla-dev-sec

Re: ODP: Re: Second Discussion of KIR S.A. Root Inclusion Request

On Fri, March 20, 2015 8:10 am, Certificates wrote: > Hello, > > Thank you for your detailed second review. > > Please, find our answers below. Kathleen pointed out my original message was unclear, but I think it's fine to progress on this inclusion. While nothing prohibits OCSP nonces, I do h