On Mon, Apr 3, 2017 at 12:46 PM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> How about this simple explanation (purely a guess, not at all checked):
>
I think we should focus on objective facts and statements. While there are
a number of possible ways to
On 03/04/17 02:37, Peter Bowen wrote:
> I believe Issue L is incorrectly dated.
Thank you for this; I have updated Issue L to hopefully be more
accurate, but I intend to keep it as a separate issue.
Gerv
___
dev-security-policy mailing list
On 01/04/17 05:57, Peter Bowen wrote:
> The GeoRoot program was very similar to that offered by many CAs a few
> years ago. CyberTrust (then Verizon, now DigiCert) has the OmniRoot
> program, Entrust has a root signing program[1], and GlobalSign Trusted
> Root[2] are just a few examples.
While
On 01/04/17 00:38, Ryan Sleevi wrote:
> On Fri, Mar 31, 2017 at 2:39 PM, Gervase Markham via dev-security-policy <
> Thanks for organizing this information, as much of it was related to and
> relevant to Google's recent announcement. I want to take this opportunity
> to share additional details
On Sun, Apr 2, 2017 at 9:36 PM, Ryan Sleevi wrote:
>
> On Sun, Apr 2, 2017 at 11:14 PM Peter Bowen via dev-security-policy
> wrote:
>>
>> On Fri, Mar 31, 2017 at 11:39 AM, Gervase Markham via
>> dev-security-policy
On Sun, Apr 2, 2017 at 11:14 PM Peter Bowen via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Fri, Mar 31, 2017 at 11:39 AM, Gervase Markham via
> dev-security-policy wrote:
> > As we continue to consider how best to react to the
On Fri, Mar 31, 2017 at 11:39 AM, Gervase Markham via
dev-security-policy wrote:
> As we continue to consider how best to react to the most recent incident
> involving Symantec, and given that there is a question of whether it is
> part of a pattern of
On Sat, Apr 1, 2017 at 12:57 AM, Peter Bowen wrote:
> (Wearing my personal hat)
>
> Ryan,
>
> I haven't reviewed the audit reports myself, but I'll assume all you
> wrote is true. However, I think it is important to consider it in the
> appropriate context.
> The GeoRoot
On Fri, Mar 31, 2017 at 4:38 PM, Ryan Sleevi via dev-security-policy
wrote:
> On Fri, Mar 31, 2017 at 2:39 PM, Gervase Markham wrote:
>
>> As we continue to consider how best to react to the most recent incident
>> involving Symantec, and given that there is
On Fri, Mar 31, 2017 at 2:39 PM, Gervase Markham via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> As we continue to consider how best to react to the most recent incident
> involving Symantec, and given that there is a question of whether it is
> part of a pattern of
As we continue to consider how best to react to the most recent incident
involving Symantec, and given that there is a question of whether it is
part of a pattern of behaviour, it seemed best to produce an issues list
as we did with WoSign. This means Symantec has proper opportunity to
respond to
11 matches
Mail list logo