On 30/11/16 21:58, Kurt Roeckx wrote:
>> This would involve adding a footer:
>>
>> Any copyright in this document is dedicated to the Public Domain.
>>
>> with the link being to http://creativecommons.org/publicdomain/zero/1.0/.
>
> public domain and CC0 are very similar, but are not the
On 30/11/16 22:29, Han Yuwei wrote:
> Is there enough time for CAs to change their license?
This is a good question, but I would prefer we discuss them when I
start discussion on this topic. I am not starting discussion on all 17
topics at once in order to give people time to think about the 3 I
On 30/11/16 22:38, Han Yuwei wrote:
> I request to postpone this issue for further discussion for reasons below.
>
> 1. Is English CP/CPS authoritative or just a plain translation?
> 2. Requesting every changes to be published in English?
> 3. What should we do if there is conflicts between
On 30/11/16 23:25, Han Yuwei wrote:
> Github issue:https://github.com/mozilla/pkipolicy/issues/42
That issue is not currently targetted for 2.4. In the message titled
"Mozilla Root Store Policy 2.4: goals and process", I said:
> If you think any of them should be targetted at 2.4, please make
On 11/30/2016 3:28 PM, Matt Palmer wrote [in part]:
> On Wed, Nov 30, 2016 at 02:38:44PM -0800, Han Yuwei wrote [also in part]:
>> I request to postpone this issue for further discussion for reasons below.
>>
>> 1. Is English CP/CPS authoritative or just a plain translation?
>
> I expect it would
On Wed, Nov 30, 2016 at 02:38:44PM -0800, Han Yuwei wrote:
> I request to postpone this issue for further discussion for reasons below.
>
> 1. Is English CP/CPS authoritative or just a plain translation?
I expect it would be authoritative from Mozilla's perspective; that is, any
deviations from
Github issue:https://github.com/mozilla/pkipolicy/issues/42
My opinions:
It's good to restrict government CAs to certain TLDs for reasons below
1. government CA is intented to provide domestic assurance of IDs and services
for government's websites.
2. If we assume every government is "evil",
In https://github.com/mozilla/pkipolicy/issues/19 Gerv talked about what
shouldn't CA do but the discussion thread listed didn't continue.
There's my questions:
1. What's the definition about "The same organzition"?
The structure of large companys are very complicated now. With unaccoutable
I request to postpone this issue for further discussion for reasons below.
1. Is English CP/CPS authoritative or just a plain translation?
2. Requesting every changes to be published in English?
3. What should we do if there is conflicts between English version and CA's
native language due to
Is there enough time for CAs to change their license?
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
On Wed, Nov 30, 2016 at 09:34:11PM +, Gervase Markham wrote:
> CAs may want to copy bits of our policy into their working documents and
> other things; the best way to make that easy is to use CC-0.
>
> This would involve adding a footer:
>
> Any copyright in this document is dedicated
CAs may want to copy bits of our policy into their working documents and
other things; the best way to make that easy is to use CC-0.
This would involve adding a footer:
Any copyright in this document is dedicated to the Public Domain.
with the link being to
We need to be clear in our terminology. The policy itself uses "CA" (or
"issuing CA" or "subordinate CA") to refer to the organization and "CA
certificate" to refer to the certificate fairly consistently. The two
exceptions which need fixing are:
Inclusion point 5 ("additional CAs")
Hi all,
The Mozilla root store policy has not been updated since July 2013 - 3.5
years ago. We are now on the verge of shipping version 2.3, which
contains some edits which have been pending for more than a year, agreed
during the last period of policy update activity. That version will be
At least for RFC 6962 (-bis is a different issue), pre-certs are certs
and so the duplication of (issuer name, serial number) between the
pre-cert and the cert is technically a violation of Mozilla policy; we
reserve the right not to include CAs who issue certs with "duplicate
issuer names and
Further Steps for WoSign
After further investigation we have concluded that in addition to multiple
control failures in the operation of the WoSign certificate authority (CA),
WoSign did not disclose the acquisition of StartCom.
We are taking further actions to protect users in an upcoming
16 matches
Mail list logo