Thanks for raising this, Ian.
The question and concern about QIIS is extremely reasonable. As discussed
in past CA/Browser Forum activities, some CAs have extended the definition
to treat Google Maps as a QIIS (it is not), as well as third-party WHOIS
services (they’re not; that’s using a DTP).
There have been previous discussions about this very issue at CA/Browser
Forum Validation Working Group meetings (see also draft Ballot 225). I
think it is widely recognized that the rules around QIISs are far too weak
and in need of improvement.
I actually recently asked Kirk to add an item on
Hi,
In April and May of this year, I attempted to change the address listed in Dun
& Bradstreet of my (Kentucky-incorporated) company "Stripe, Inc" to an address
in Toledo, Ohio that did not exist (185 Berry Street Toledo Ohio). I was
wondering the extent of validation Dun & Bradstreet would
On 9/26/2018 3:21 PM, Wayne Thayer wrote:
> I've held this discussion open for much longer than 3 weeks due to the
> qualified audit reports that were received from Camerfirma. Since no
> objections to the acquisition have been raised and the audit issues are
> being discussed separately [1][2], I
Hello Ramiro,
On Tue, Sep 4, 2018 at 3:13 PM Wayne Thayer wrote:
> Thank you for this response Ramiro. I have copied this to the bug [1] and
> have described Mozilla's expectations for point-in-time audits that confirm
> that these issues have been resolved.
>
> [1]
I've held this discussion open for much longer than 3 weeks due to the
qualified audit reports that were received from Camerfirma. Since no
objections to the acquisition have been raised and the audit issues are
being discussed separately [1][2], I would like to close this discussion
and the
On Wed, 26 Sep 2018 16:03:58 +
Jeremy Rowley via dev-security-policy
wrote:
> Note that I didn’t say Google controlled the policy. However, as a
> module peer, Google does have significant influence over the policy
> and what CAs are trusted by Mozilla. Although everyone can
> participate in
I'm disputing the conclusion that is being drawn from Jake's concerns,
rather than the concerns themselves. Primarily, I disagree with the
conclusion that because Google owns a browser with dominant market share
and - due to the substantial contributions they make here - because Google
has
On Wed, Sep 26, 2018 at 12:04 PM Jeremy Rowley
wrote:
> I also should also emphasize that I’m speaking as Jeremy Rowley, not as
> DigiCert.
>
>
>
> Note that I didn’t say Google controlled the policy. However, as a module
> peer, Google does have significant influence over the policy and what
Hi Richard,
A few corrections:
On Wed, Sep 26, 2018 at 11:36 AM Richard Wang via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Ryan mentioned WoSign/StartCom and 360, so I like to say some words.
>
> First, I think your idea is not a proper metaphor because 360 browser
>
I also should also emphasize that I’m speaking as Jeremy Rowley, not as
DigiCert.
Note that I didn’t say Google controlled the policy. However, as a module peer,
Google does have significant influence over the policy and what CAs are trusted
by Mozilla. Although everyone can participate in
Ryan mentioned WoSign/StartCom and 360, so I like to say some words.
First, I think your idea is not a proper metaphor because 360 browser can't
compare to Google browser, Google browser have absolutely strong market share
to say YES/NO to all CAs, but I am sure not to Google CA.
Second, I
On 26/09/2018 09:43 πμ, Ryan Sleevi via dev-security-policy wrote:
> (While covered in https://wiki.mozilla.org/CA/Policy_Participants , I'm
> going to emphasize that this response is in a personal capacity)
>
> On Wed, Sep 26, 2018 at 12:10 AM Jeremy Rowley via dev-security-policy <
>
Hello
Thank you for your exchanges. We hope that the additions below will answer your
questions.
Was the action required to manually override the CAA validation failure
different from what would be required if the CAA validation had succeeded?
Could an operator have just "clicked the same
(While covered in https://wiki.mozilla.org/CA/Policy_Participants , I'm
going to emphasize that this response is in a personal capacity)
On Wed, Sep 26, 2018 at 12:10 AM Jeremy Rowley via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Jake's concern is legit if you believe
15 matches
Mail list logo
