[ Disclaimer: This message is my personal view and does not
necessarily represent that of my employer. ]
On Fri, May 20, 2016 at 5:41 PM, wrote:
> Peter -- the reference to BR 9.6.8(8) is interesting, but is not really
> relevant to discussion of the requirements of BR
On Friday, May 20, 2016 at 2:39:20 AM UTC-7, Rob Stradling wrote:
> On 19/05/16 21:48, Kathleen Wilson wrote:
> > On Monday, May 16, 2016 at 1:33:40 PM UTC-7, Rob Stradling wrote:
> >> However, ISTM that a "proposed change currently in discussion" is less
> >> authoritative than the CA
Does anyone have questions, concerns, or feedback on this request from the
Government of Japan, Ministry of Internal Affairs and Communications, to
include the GPKI 'ApplicationCA2 Root' certificate and enable the Websites
trust bit?
Kathleen
___
[ Disclaimer: This message is my personal view and does not
necessarily represent that of my employer. ]
On Thu, May 19, 2016 at 9:15 AM, wrote:
> This has been a very surprising discussion to me. If most CAs were asked “Do
> you think CAs are supposed to investigate
On Thu, 19 May 2016 16:52:26 -0700 (PDT)
tech29...@gmail.com wrote:
> Your main concern – unjustified delay in issuing a certificate to
> your customer while a human looks at the domain to decide if there is
> a problem - is not really related to any of Kathleen’s questions.
> Your other comments
On 19/05/16 00:45, Matt Palmer wrote:
> How so? It could be a site providing information from a third party on how
> to make and receive payments via PayPal. It could also be a site operated
> by a third party on behalf of PayPal. Inferring nefarious intent from a
> domain name seems like a
On 18/05/16 17:35, Ben Wilson wrote:
> Looking at the threat from a defense-in-depth/orthogonal perspective,
> doesn't it make sense that everyone -- browsers, ICANN, CAs, etc. -- does
> something to combat malicious websites for the public?
Not necessarily, if what they do ends up damaging
On 19/05/16 20:26, Peter Kurrasch wrote:
> My recommendation is for Mozilla to reject this request from Symantec
> on the grounds that it is unnecessary. As others have pointed out
> recently, the chief function of a CA is to certify identity. That
> certification should be ably met with the
On Friday, May 20, 2016 at 2:09:42 AM UTC-7, Ben Laurie wrote:
> > 4.9.3. Procedure for Revocation Request
> >
> >"*** The CA SHALL provide Subscribers, Relying Parties, Application
> > Software Suppliers, and other third parties with clear instructions for
> > reporting suspected Private
On 19/05/16 21:48, Kathleen Wilson wrote:
On Monday, May 16, 2016 at 1:33:40 PM UTC-7, Rob Stradling wrote:
However, ISTM that a "proposed change currently in discussion" is less
authoritative than the CA Communication (which, as I've said, seems to
explicitly require multiple disclosures of
10 matches
Mail list logo