RE: November 2017 CA Communication ACTION 1 April 15 2018 date question

2017-11-17 Thread Arkadiusz Ławniczak via dev-security-policy
Thanks Gerv We have a situation in which our last WT audit is for the period ending on April 14,2017. As we know the audit is valid until the next audit is started. That is, that the next WT audit must be for period starting on April 15,2017 and ending not later than April 14,2018. The

Re: November 2017 CA Communication ACTION 1 April 15 2018 date question

2017-11-17 Thread Gervase Markham via dev-security-policy
On 17/11/17 00:26, Arkadiusz Ławniczak wrote: > [...] I do not see such requirement in the Policy or even by > searching m.d.s list.. Maybe I missed something. Does anybody know > where did it come from? https://github.com/mozilla/pkipolicy/blob/2.5/rootstore/policy.md section 5.3.1. However,

Re: Termination of the certificates business of Startcom

2017-11-17 Thread joachim.bauernberger--- via dev-security-policy
I worked as Director of Engineering for an investor[1] who helped bootstrap StartCom. StartCom was back then the first successful firm from the Authenticity Institute portfolio. I joined Authenticity because I thought it could really shake up the certification industry. I quit after 6 months

Re: Question on CAA processing for mixed wildcard and non-wildcard SAN DNS names

2017-11-17 Thread Quirin Scheitle via dev-security-policy
Dear Corey, Dear Jeremy, thank you for your responses! I had seen a certificate with this pattern, and confirmed by your answers have done a more complete scan. I found 5 certificates with that pattern that had CAA records set at issuance time (approximated by “not valid before” and SCT)

Embedding improper SCTs into OCSP Responses

2017-11-17 Thread Compliance SwissSign via dev-security-policy
Embedding improper SCTs into OCSP Responses (SwissSign) 1. How your CA first became aware of the problem (e.g. via a problem report submitted to your Problem Reporting Mechanism, a discussion in mozilla.dev.security.policy, a Bugzilla bug, or internal self-audit), and the time and date. On

Termination of the certificates business of Startcom

2017-11-17 Thread 谭晓生 via dev-security-policy
Dear all, This is the Chairman of StartCom's board, Xiaosheng Tan. StartCom has experienced a very difficult time in our re-inclusion process. Due to some comments and decisions made by the Mozilla community, which are followed by some other browsers, StartCom’s board made a difficult but

November 2017 CA Communication ACTION 1 April 15 2018 date question

2017-11-17 Thread Arkadiusz Ławniczak via dev-security-policy
Hi All When reading a list of the main changes incorporated in the Mozilla Root Store Policy 2.5 I found that: [...] By April 15, 2018, all intermediate certificates (that chain up to root certificates included in Mozilla's program) that are capable of issuing S/MIME certificates but are not