Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

2018-08-15 Thread Wayne Thayer via dev-security-policy
I believe that all of the concerns related to this request for inclusion of the OISTE WISeKey Global Root GC CA have been addressed. I am now closing this discussion with a recommendation to approve this request. Any further comments should be added directly to the bug [1]. - Wayne [1]

Re: Misissuance and BR Audit Statements

2018-08-15 Thread Wayne Thayer via dev-security-policy
I went ahead and noted these DigiCert audits as a concern on the CCADB record for Scott S. Perry CPA, PLLC. I do think it's important for CAs to disclose these issues to their auditors, but I also expect auditors to discover them. - Wayne On Wed, Aug 15, 2018 at 8:21 AM Ben Wilson wrote: >

Re: DEFCON Talk - Lost and Found Certificates

2018-08-15 Thread Ryan Sleevi via dev-security-policy
On Mon, Aug 13, 2018 at 8:10 PM, Wayne Thayer via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > I'd like to call this presentation to everyone's attention: > > Title: Lost and Found Certificates: dealing with residual certificates for > pre-owned domains > > Slide deck: >

RE: Misissuance and BR Audit Statements

2018-08-15 Thread Ben Wilson via dev-security-policy
Re-sending -Original Message- From: Ben Wilson Sent: Wednesday, August 15, 2018 8:34 AM To: 'r...@sleevi.com' ; Wayne Thayer Cc: mozilla-dev-security-policy Subject: RE: Misissuance and BR Audit Statements Thanks, Ryan and Wayne, Going forward we'll work to improve our management

RE: Misissuance and BR Audit Statements

2018-08-15 Thread Ben Wilson via dev-security-policy
Thanks, Ryan and Wayne, Going forward we'll work to improve our management letter disclosures to include reported mis-issuances during the audit period. Sincerely yours, Ben -Original Message- From: dev-security-policy On Behalf Of Ryan Sleevi via dev-security-policy Sent: Monday,

Re: DEFCON Talk - Lost and Found Certificates

2018-08-15 Thread Jakob Bohm via dev-security-policy
On 14/08/2018 02:10, Wayne Thayer wrote: I'd like to call this presentation to everyone's attention: Title: Lost and Found Certificates: dealing with residual certificates for pre-owned domains Slide deck:

Re: Do We Now Require Separate Cross-certificates for SSL and S/MIME?

2018-08-15 Thread Wayne Thayer via dev-security-policy
The updated 2.6.1 version of the Mozilla Root Store policy resulting from this discussion is now published: https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ - Wayne On Mon, Aug 6, 2018 at 3:28 PM Wayne Thayer wrote: > Having received no comments on this

DEFCON Talk - Lost and Found Certificates

2018-08-15 Thread Wayne Thayer via dev-security-policy
I'd like to call this presentation to everyone's attention: Title: Lost and Found Certificates: dealing with residual certificates for pre-owned domains Slide deck:

Re: Misissuance and BR Audit Statements

2018-08-15 Thread Ryan Sleevi via dev-security-policy
Wayne, Thanks for raising this. I definitely find it surprising to see nothing noted on Comodo's report, as you call out. As another datapoint, consider this recent audit that is reported to be from DigiCert, by way of Amazon Trust Services' providing the audits for their externally operated