Re: Updating Root Inclusion Criteria (organizations)

2018-01-22 Thread Jakob Bohm via dev-security-policy
On 22/01/2018 10:47, Gervase Markham wrote: On 19/01/18 13:20, Jakob Bohm wrote: My suggestions are only meant to inspire formal rules written / chosen by module leaders such as you. But the entire point of this discussion is that we are pointing out it's hard to make such rules in the way

Re: Updating Root Inclusion Criteria (organizations)

2018-01-22 Thread Gervase Markham via dev-security-policy
On 19/01/18 13:20, Jakob Bohm wrote:
> My suggestions are only meant to inspire formal rules written / chosen
> by module leaders such as you.

But the entire point of this discussion is that we are pointing out it's hard to make such rules in the way you have just made them without being

Re: Updating Root Inclusion Criteria (organizations)

2018-01-19 Thread Jakob Bohm via dev-security-policy
On 19/01/2018 11:09, Gervase Markham wrote: On 19/01/18 01:05, Jakob Bohm wrote: On 18/01/2018 11:01, Gervase Markham wrote: On 17/01/18 19:49, Jakob Bohm wrote: 3. Major vertical CAs for high value business categories that issue    publicly trusted certificates at better than EV level

Re: Updating Root Inclusion Criteria (organizations)

2018-01-19 Thread Gervase Markham via dev-security-policy
On 19/01/18 01:05, Jakob Bohm wrote:
> On 18/01/2018 11:01, Gervase Markham wrote:
>> On 17/01/18 19:49, Jakob Bohm wrote:
>>> 3. Major vertical CAs for high value business categories that issue
>>>    publicly trusted certificates at better than EV level integrity.  For
>>
>> How do you define

Re: Updating Root Inclusion Criteria (organizations)

2018-01-18 Thread Jakob Bohm via dev-security-policy
On 18/01/2018 11:01, Gervase Markham wrote: On 17/01/18 19:49, Jakob Bohm wrote: 3. Major vertical CAs for high value business categories that issue   publicly trusted certificates at better than EV level integrity.  For How do you define "major"? And "high value business category"? Major

Re: Updating Root Inclusion Criteria (organizations)

2018-01-18 Thread Gervase Markham via dev-security-policy
On 17/01/18 19:49, Jakob Bohm wrote:
> 3. Major vertical CAs for high value business categories that issue
>   publicly trusted certificates at better than EV level integrity.  For

How do you define "major"? And "high value business category"?

> 4. Selected company CAs for a handful of

Re: Updating Root Inclusion Criteria (organizations)

2018-01-17 Thread Jakob Bohm via dev-security-policy
On 17/01/2018 22:51, Peter Bowen wrote: On Wed, Jan 17, 2018 at 11:49 AM, Jakob Bohm via dev-security-policy wrote: 4. Selected company CAs for a handful of too-big-to-ignore companies that refuse to use a true public CA. This would currently probably

Re: Updating Root Inclusion Criteria (organizations)

2018-01-17 Thread Peter Bowen via dev-security-policy
On Wed, Jan 17, 2018 at 11:49 AM, Jakob Bohm via dev-security-policy wrote:
> 4. Selected company CAs for a handful of too-big-to-ignore companies
> that refuse to use a true public CA. This would currently probably
> be Microsoft, Amazon and Google.

Re: Updating Root Inclusion Criteria (organizations)

2018-01-17 Thread Jakob Bohm via dev-security-policy
As for what CA organizations to include in a future iteration of the Mozilla root store, I would say that there are 4 groups that I (as a browser user) would like to get included and 2 which I would not:

1. Global public CAs that provide certificates to subscribers from all over the world