Yes, we can punt the problem down a few years, by allowing CAs to
self-report in unauditable ways, and shift the burden of evaluation on to
the community to try and detect CAs misbehaving.
Or we can take sensible steps forward that nip the problem at its root,
don’t require misunderstanding or
Perhaps a simple first step is to mandate disclosure of which information
source was used for validation. Then if someone uses Google Maps or
similar, People Who Pay Attention To Such Things can start a public
discussion about whether the source is a QIIS, and whether the certificate
is
On Fri, Sep 28, 2018 at 12:29 PM Eric Mill wrote:
>
>
> On Thu, Sep 27, 2018 at 5:22 PM Wayne Thayer via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> Visa has filed a bug [1] requesting removal of the eCommerce root from the
>> Mozilla root store. Visa has also
On Thu, Sep 27, 2018 at 5:22 PM Wayne Thayer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Visa has filed a bug [1] requesting removal of the eCommerce root from the
> Mozilla root store. Visa has also responded to the information requested in
> the qualified audits
Yves,
Thank you for bringing this to our attention. Section 8.1 of the Mozilla
Root Store policy [1] applies here. It is not completely clear to me that
50% ownership is a "controlling stake", but even if it is, InfoCert is
already a member of the Mozilla root program by way of its acquisition of
On Thursday, September 27, 2018 at 10:22:05 PM UTC-7, Dimitris Zacharopoulos
wrote:
> Forgive my ignorance, but could you please explain what was your
> ultimate goal, as "an attacker", what were you hoping to gain and how
> could you use this against Relying Parties?
>
> I read your email
On Fri, Sep 28, 2018 at 1:22 AM Dimitris Zacharopoulos via
dev-security-policy wrote:
>
> Forgive my ignorance, but could you please explain what was your
> ultimate goal, as "an attacker", what were you hoping to gain and how
> could you use this against Relying Parties?
>
> I read your email
7 matches
Mail list logo
