Re: Let's Encrypt and Wildcard Domains

2017-08-28 Thread Patrick Figel via dev-security-policy
In what way would this be a policy violation? Most CAs trusted by Mozilla issue wildcard certificates. Perhaps you were thinking of EV certificates? For EV, wildcard is indeed not permitted, but Let's Encrypt does not issue EV at all. On 29/08/2017 04:31, David E. Ross via dev-security-policy

Let's Encrypt and Wildcard Domains

2017-08-28 Thread David E. Ross via dev-security-policy
I just read mention that Let's Encrypt will be enabling wildcard domains, possibly by the end of this year. Is this not a violation of Mozilla policy? I saw this in the eternal-september.support newsgroup, which is available only via the news.eternal-september.org NNTP server. The thread

Re: O=U.S. Government for non-USG entity (IdenTrust)

2017-08-28 Thread identrust--- via dev-security-policy
On Friday, August 18, 2017 at 7:22:06 PM UTC-4, iden...@gmail.com wrote: > On Thursday, August 17, 2017 at 2:35:15 PM UTC-4, Jonathan Rudenberg wrote: > > > On Aug 17, 2017, at 14:24, identrust--- via dev-security-policy > > > wrote: > > > > > > Hello, In

Per-intermediate CAA/problem reporting info

2017-08-28 Thread Andrew Ayer via dev-security-policy
Currently, CAA identifiers and problem reporting information are collected on a per-CA basis and published in the "CA Information Report"[1]. However, externally-operated sub-CAs generally have their own CAA identifiers and problem reporting information, and this information is not currently

Re: Regarding CA requirements as to technical infrastructure utilized in automated domain validations, etc. (if any)

2017-08-28 Thread Nick Lamb via dev-security-policy
I think that instead Ryan H is suggesting that (some) CAs are taking advantage of multiple geographically distinct nodes to run the tests from one of the Blessed Methods against an applicant's systems from several places on the Internet at once. This mitigates against attacks that are able to

RE: Remove old WoSign root certs from NSS

2017-08-28 Thread Richard Wang via dev-security-policy
We released a replacement notice in Chinese on our website: https://www.wosign.com/news/announcement-about-Microsoft-Action-20170809.htm https://www.wosign.com/news/announcement-about-Google-Action-20170710.htm https://www.wosign.com/news/announcement_about_Mozilla_Action_20161024.htm And we have