Thanks for pointing this out Ryan and Dimitris. You are both correct: we
should direct Taiwan GRCA to change their request from including the root
to including only the subordinate CAs that comply with the Mozilla policy.
The option of adding the non-compliant subordinate CAs to OneCRL does not
You can find a link to the final version of the survey at
https://wiki.mozilla.org/CA/Communications#January_2018_CA_Communication
We're planning to send this out to all CAs in the Mozilla program later
today. The deadline for responses has been set to 9-February.
Thanks to everyone who
The email has been sent, and we've published a blog post:
https://blog.mozilla.org/security/2018/01/29/january-2018-ca-communication/
On Monday, January 29, 2018 at 1:15:51 PM UTC-7, Wayne Thayer wrote:
> You can find a link to the final version of the survey at
>
Le jeudi 27 avril 2017 15:22:27 UTC+2, Aaron Wu a écrit :
> This request from the Dhimyotis/Certigna is to include the SHA-256 ‘Certigna
> Root CA’ certificate and turn on the Websites and Email trust bits. This root
> certificate will eventually replace the SHA-1 ‘Certigna’ root certificate
>
Hi Ryan,
I noticed that your notes refer to a previous version of the CPS and not the
current one
here is a link to the current version which is 4.1.
https://s3-us-west-2.amazonaws.com/comsign/CPS/CPS_4.1_eng.pdf
About the CA software – we are now under auditing for our new Microsoft CA and
Yair,
Will you please provide a detailed response to each of Ryan's points? Also,
please provide the specific version of the RSA Certificate Manager in use
by ComSign.
Thanks,
Wayne
On Mon, Jan 29, 2018 at 8:43 AM, YairE via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Jan 29, 2018, at 19:48, James Burton via dev-security-policy
> wrote:
>
> I was doing research on the ccadb.org site and was surprised to find that
> the site is running only in HTTP and is not using HTTPS.
There is already a bug about this:
Hrm, I didn’t realize it had been restricted. The gist is that bug is closed as
incomplete as of three months ago and there is a new bug that I don’t have
access to: https://bugzilla.mozilla.org/show_bug.cgi?id=1409786
> On Jan 29, 2018, at 20:02, James Burton wrote:
>
> Hi
Hi Jonathan,
I haven't got the required permission to access bug 1376996.
Thank you,
James
On Tue, Jan 30, 2018 at 12:57 AM, Jonathan Rudenberg
wrote:
>
> > On Jan 29, 2018, at 19:48, James Burton via dev-security-policy <
> dev-security-policy@lists.mozilla.org>
I was doing research on the ccadb.org site and was surprised to find that
the site is running only in HTTP and is not using HTTPS. Now, I understand
that GitHub pages don't support HTTPS for custom domains but you could
always use CloudFlare for HTTPS support in the meantime until GitHub
enables
10 matches
Mail list logo