Re: Technically Constrained Sub-CAs and the BRs

2016-10-25 Thread Kurt Roeckx
On Tue, Oct 25, 2016 at 12:12:47PM -0700, Ryan Sleevi wrote:
> That is, according to the BRs, the issuer of a technically constrained
> subordinate CA has a BR-obligation to ensure that their TCSCs are adhering to
> the BRs and the issuing CA's policies and practices, as well as conduct a
>

Re: Distrusting New WoSign and StartCom Certificates -- Mozilla Security Blog

2016-10-25 Thread Percy
That you have to ask WoSign. The exact wording is "A product option will be added: users can choose to purchase SSL certificates issued under the new WoSign intermediate root certificate, supported by all browsers (including Firefox), at a 20% discount during the transition period. This intermediate root certificate will be issued by another globally trusted CA root certificate and supports all browsers and all new and old end devices. This product upgrade is planned to be completed within one month and will provide certificate services to the broad user base;" My translation: [WoSign] will add a new product selection. Users can choose SSL certs signed by the new

Re: Distrusting New WoSign and StartCom Certificates -- Mozilla Security Blog

2016-10-25 Thread Percy
StartCom, on the other hand, issued no announcement (https://startssl.com/News) even under multiple explicit inquiries from multiple users (https://forum.startcomca.com/viewforum.php?f=16=549011a08d3a081898f1e1542d3ecc10).

Re: Technically Constrained Sub-CAs and the BRs

2016-10-25 Thread Ryan Sleevi
On Tuesday, October 25, 2016 at 4:56:57 PM UTC-7, Nick Lamb wrote:
> Is it possible for someone to write up the details of the non-compliant
> issuances and so on ? I would find it much easier to comment on the
> particulars of 1311200 if they were more specific.
This doesn't seem relevant;

Re: Distrusting New WoSign and StartCom Certificates -- Mozilla Security Blog

2016-10-25 Thread Percy
WoSign has posted an announcement regarding Mozilla's decision. In the announcement, WoSign stated that WoSign actively cooperated with the investigation and has always fixed all the issues immediately after discovery, and called Mozilla's decision "exceptionally severe". Certs issued by

Re: Distrusting New WoSign and StartCom Certificates -- Mozilla Security Blog

2016-10-25 Thread Patrick Figel
On 26/10/16 01:27, Percy wrote:
> WoSign will roll out a globally trusted intermediate cert to sign new
> certs with the existing WoSign system that had so many control
> failures.
>
> Do Mozilla and this community accept such a work-around for WoSign?
> If we do, then what's the point of

Re: Technically Constrained Sub-CAs and the BRs

2016-10-25 Thread Nick Lamb
On Tuesday, 25 October 2016 21:16:36 UTC+1, Ryan Sleevi wrote:
> The linked bug is a concrete example, where an unconstrained sub-CA was
> revoked, due to non-compliance with the BRs, but has now been cross-certified
> as a constrained sub-CA. All of these non-BR compliant certificates are now

Re: Announcement: Chrome requiring Certificate Transparency in 2017

2016-10-25 Thread Han Yuwei
On Tuesday, October 25, 2016 at 8:45:26 AM UTC+8, Ryan Sleevi wrote:
> [Note: This is cross-posted. The best venue for follow-up questions is the
> public mailing list at ct-pol...@chromium.org or the post at
> https://groups.google.com/a/chromium.org/d/msg/ct-policy/78N3SMcqUGw/ykIwHXuqAQAJ
> ]
> [Note: Posting

Re: Announcement: Chrome requiring Certificate Transparency in 2017

2016-10-25 Thread Nick Lamb
On Tuesday, 25 October 2016 15:45:26 UTC+1, Han Yuwei wrote:
> Is there any timetable for enforcing CAs to support embedded CT or OCSP CT?
Well, the effect of Google's policy is that if you're a subscriber looking to obtain certificates a year from now you have three options: 1. Don't care

Re: Announcement: Chrome requiring Certificate Transparency in 2017

2016-10-25 Thread Han Yuwei
On Tuesday, October 25, 2016 at 11:39:31 PM UTC+8, Nick Lamb wrote:
> On Tuesday, 25 October 2016 15:45:26 UTC+1, Han Yuwei wrote:
> > Is there any timetable for enforcing CAs to support embedded CT or OCSP CT?
>
> Well, the effect of Google's policy is that if you're a subscriber looking to
> obtain certificates a

Technically Constrained Sub-CAs and the BRs

2016-10-25 Thread Ryan Sleevi
In https://bugzilla.mozilla.org/show_bug.cgi?id=1311200, Kathleen suggested I bring the broader discussion to mozilla.dev.security.policy, so this is that thread. At present, there's an element of inconsistency between the BRs and Mozilla Policy that leads to some confusion. With respect to