On Tuesday, November 15, 2016 at 3:58:26 PM UTC-8, Kathleen Wilson wrote:
> If there are no objections or concerns about this request, then I will
> recommend approval in the bug.
Thanks to those of you who reviewed and commented on this request from Symantec
to include their Symantec-brand
Hi Gerv,
I've been trying to stay on top of the SHA-1 phase-out discussion but lost
track. Where did it leave off?
I think I saw something of doing a ban at the browser level to not trust the
SHA-1 algorithm. Is this possible?
Kenneth Myers
Manager
+1.571.366.6120 +1.703.299.3046 fax
On Mon, Nov 21, 2016 at 11:51 AM, Brian Smith wrote:
> Nobody said anything about blocking 6962-bis. Removing that one section is a
> smaller change in terms than the change Google made to the document just
> last week, as far as the practical considerations are concerned.
Ryan Sleevi wrote:
> On Mon, Nov 21, 2016 at 11:01 AM, Brian Smith
> wrote:
> > Absolutely we should be encouraging them to proliferate. Every site that
> is
> > doing anything moderately complex and/or that wants to use key pinning
> > should be using
On Mon, Nov 21, 2016 at 11:01 AM, Brian Smith wrote:
> Absolutely we should be encouraging them to proliferate. Every site that is
> doing anything moderately complex and/or that wants to use key pinning
> should be using them.
I do hope you can expand upon the former as to
Gervase Markham wrote:
> On 18/11/16 19:13, Brian Smith wrote:
> > Regardless, the main point of that message of mine was left out: You
> could
> > limit, in policy and in code, the acceptable lifetime of name-constrained
> > externally-operated sub-CAs
>
> Presumably the
mozilla.dev.security.policy has become the /de facto/ place for
discussion root program policy relating to the Web PKI, not just for
Mozilla, because people want to take advantage of the expertise of the
members here. Mozilla is very happy to host these wider discussions, in
the name of making the
On 18/11/16 20:21, Brian Smith wrote:
I think there might be ways to fix the name-constrained sub-CA stuff for
RFC 6962-bis, but those kinds of improvements are unlikely to happen in RFC
6962-bis itself, it seems. They will have to happen in an update to RFC
6962-bis.
I also disagree with
Hi Brian,
On 18/11/16 19:13, Brian Smith wrote:
> Regardless, the main point of that message of mine was left out: You could
> limit, in policy and in code, the acceptable lifetime of name-constrained
> externally-operated sub-CAs
Presumably the "externally-operated" part would need to be
9 matches
Mail list logo