On Fri, Feb 7, 2020 at 7:55 AM douglas.beattie--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Thursday, February 6, 2020 at 6:05:20 PM UTC-5, Ryan Sleevi wrote:
> > (Replying from the correct e-mail)
> >
> > On Thu, Feb 6, 2020 at 3:55 PM Doug Beattie via
On Thursday, February 6, 2020 at 6:05:20 PM UTC-5, Ryan Sleevi wrote:
> (Replying from the correct e-mail)
>
> On Thu, Feb 6, 2020 at 3:55 PM Doug Beattie via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> > We should clarify the Mozilla policy to more clearly define
(Replying from the correct e-mail)
On Thu, Feb 6, 2020 at 3:55 PM Doug Beattie via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> We should clarify the Mozilla policy to more clearly define list of fields
> containing email address (those 3 listed above) must be validated
On Thu, Feb 06, 2020 at 09:31:40PM +, Doug Beattie via dev-security-policy
wrote:
> I don't agree that the CA MUST validate EVERY field. CAs leverage
> enterprise RAs to validate some information in SMIME certificates, e.g., the
> subscribers name in the CN field because the CA can't readily
is the
active directly account, but I thought I'd start a discussion to see what
people thought.
Doug
-Original Message-
From: Kurt Roeckx
Sent: Thursday, February 6, 2020 4:06 PM
To: Doug Beattie
Cc: mozilla-dev-security-policy
Subject: Re: Which fields containing email addresses need
On Thu, Feb 06, 2020 at 08:54:04PM +, Doug Beattie via dev-security-policy
wrote:
> It's not against Mozilla policy to
> issue certificates with unvalidated email addresses in any field as long as
> the Secure Mail EKU is not included, so the intent should be to validate
> only those that are
The Mozilla policy section 2.2 says:
* . the CA takes reasonable measures to verify that the entity
submitting the request controls the email account associated with the email
address referenced in the certificate.
Since the Mozilla policy only applies to certificates with the EKU of
7 matches
Mail list logo