On 20/06/2017 08:08, Gervase Markham wrote:
On 20/06/17 01:21, Jakob Bohm wrote:
2. For any certificate bundle that needs to be incorporated into the
Mozilla root stores, a significant period (3 to 6 months at least)
will be needed between acceptance by Mozilla and actual trust by
On 20/06/17 01:21, Jakob Bohm wrote:
> 2. For any certificate bundle that needs to be incorporated into the
> Mozilla root stores, a significant period (3 to 6 months at least)
> will be needed between acceptance by Mozilla and actual trust by
> Mozilla users.
Not if the roots were
Notes on your below suggested timeline:
1. I see no reason to have that many new root bundles from Symantec.
Ideally, there would be just two bundles: A transitional root bundle
which signs the outsourced SubCAs only, and a final bundle intended
to become the new long-term Symantec roots.
My thoughts:2) Timeline.I agree with Symantec that Google's original deadlines are far too aggressive, for 2 reasons. First, I do not think Symantec can move quickly without causing further damage. Second, I do
On Tuesday, June 6, 2017 at 10:03:29 AM UTC-4, Gervase Markham wrote:
> On 02/06/17 15:53, Gervase Markham wrote:
> > https://www.symantec.com/connect/blogs/symantec-s-response-google-s-subca-proposal
>
> I'm slightly surprised to see no engagement here.
I think many of us are worn out with the
On 06/06/17 19:59, Jakob Bohm wrote:
> I don't see a problem in access to this being subject to a reasonable
> NDA that allows Mozilla to show it to their choice of up to 50 external
> experts (I don't expect to be one of those 50).
The problem with an NDA is that if the audit reports significant
On Tuesday, June 6, 2017 at 2:03:29 PM UTC, Gervase Markham wrote:
>
> 1) Scope of Distrust
>
> Google proposal: existing CT-logged certificates issued after 1st June
> 2016 would continue to be trusted until expiry.
> Symantec proposal: all CT-logged certificates should continue to be
> trusted
On Tuesday, June 6, 2017 at 9:03:29 AM UTC-5, Gervase Markham wrote:
> I'm slightly surprised to see no engagement here. Perhaps it would be
> help to break it down. Symantec's specific requests for modification are
> as follows (my interpretation):
>
> 1) Scope of Distrust
>
> Google proposal:
On 06/06/2017 16:02, Gervase Markham wrote:
On 02/06/17 15:53, Gervase Markham wrote:
https://www.symantec.com/connect/blogs/symantec-s-response-google-s-subca-proposal
I'm slightly surprised to see no engagement here. Perhaps it would be
help to break it down. Symantec's specific requests
I broadly echo many of the comments and thoughts of Martin Heaps earlier in
this thread.
Much of Symantec's response is disheartening, especially in the "inaccuracies":
(the apparent dichotomy between how they have acted and their statement that
they only employ the best people implementing
Here are some thoughts from me:
On 06/06/17 15:02, Gervase Markham wrote:
> 1) Scope of Distrust
I have sought more information from Google on this.
> 2) Timeline
I think the question here is, what is our position, and on what basis do
we decide it? If we want to impose an aggressive but
On Tue, Jun 6, 2017 at 10:02 AM, Gervase Markham via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 02/06/17 15:53, Gervase Markham wrote:
> > https://www.symantec.com/connect/blogs/symantec-s-
> response-google-s-subca-proposal
>
> I'm slightly surprised to see no
As an incidental, I am negatively influenced by reading Symantecs response:
On Friday, 2 June 2017 16:48:45 UTC+1, Steve Medin wrote:
>
> https://www.symantec.com/connect/blogs/symantec-s-response-google-
> s-subca-proposal
>
>
>
> > Our primary objective has always been to minimize any
Hi Gerv--Is Mozilla willing to consider a simpler approach in this matter? For example, it seems that much of the complexity of the Google/Symantec proposal stems from this new PKI idea. I think Mozilla could
illa.org
> Subject: [EXT] Symantec response to Google proposal
>
> https://www.symantec.com/connect/blogs/symantec-s-response-google-
> s-subca-proposal
>
> Symantec have responded to the Google proposal (which Mozilla has
> endorsed as the basis for further discussion) with a se
15 matches
Mail list logo