Re: Policy 2.7 Proposal: Incident Reporting Updates

2019-10-22 Thread Ryan Sleevi via dev-security-policy
On Tue, Oct 22, 2019 at 9:51 PM Wayne Thayer via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > I have added this proposal to the 2.7 branch: > > https://github.com/mozilla/pkipolicy/commit/fa843039285b10030490c7eb54d1b754edae1fbc > > I will greatly appreciate everyone's

Re: Policy 2.7 Proposal: Incident Reporting Updates

2019-10-22 Thread Wayne Thayer via dev-security-policy
Having received no comments, I did not add the proposed guidance on status update frequency, but I did make the "marked as resolved" change that Jeremy suggested: https://github.com/mozilla/pkipolicy/commit/bad3fedc10e1fe9d5237760093ad235326e3bd62 An additional related change has been proposed in

Re: Policy 2.7 Proposal: Forbid Delegation of Email Validation for S/MIME Certificates

2019-10-22 Thread Wayne Thayer via dev-security-policy
On Tue, Oct 22, 2019 at 4:23 PM Ryan Sleevi wrote: > > On Tue, Oct 22, 2019 at 6:31 PM Wayne Thayer via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > >> > I'm also not sure if I understand the wording correctly. Let's assume, >> an >> > internal CA of company

Re: Firefox removes UI for site identity

2019-10-22 Thread Wayne Thayer via dev-security-policy
The primary purpose of forwarding the Intent to Ship email to this list was to inform the community of this planned change and the reasoning behind it. Mozilla considered lots of information prior to announcing the change, and during the vigorous debate that ensued, we continued to listen without

Re: Firefox removes UI for site identity

2019-10-22 Thread Matt Palmer via dev-security-policy
On Tue, Oct 22, 2019 at 03:35:52PM -0700, Kirk Hall via dev-security-policy wrote: > I also have a question for Mozilla on the removal of the EV UI. This is a mischaracterisation. The EV UI has not been removed, it has been moved to a new location. > So my question to Mozilla is, why did

Re: Policy 2.7 Proposal: Forbid Delegation of Email Validation for S/MIME Certificates

2019-10-22 Thread Ryan Sleevi via dev-security-policy
On Tue, Oct 22, 2019 at 6:31 PM Wayne Thayer via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > > I'm also not sure if I understand the wording correctly. Let's assume, an > > internal CA of company "mycompany" gets successfully validated for > > mycompany.example and

Re: Firefox removes UI for site identity

2019-10-22 Thread Wayne Thayer via dev-security-policy
On Tue, Oct 22, 2019 at 1:38 PM Paul Walsh via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Thanks Johann. Much appreciated. Would you be kind enough to email me a > screen shot to save me the trouble of installing an older version and then > waiting for an update? :) > >

Re: Firefox removes UI for site identity

2019-10-22 Thread Kirk Hall via dev-security-policy
I also have a question for Mozilla on the removal of the EV UI. This issue started with a posting by Mozilla on August 12, but despite 237 subsequent postings from many members of the Mozilla community, I don't think Mozilla staff ever responded to anything or anyone - not to explain or

Re: Policy 2.7 Proposal: Forbid Delegation of Email Validation for S/MIME Certificates

2019-10-22 Thread Wayne Thayer via dev-security-policy
On Tue, Oct 22, 2019 at 10:59 AM Buschart, Rufus via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > > > Sounds good. This was your proposed response to solving this issue > > > back on May 13, so it's full circle :) > > > > > > > > > I'm going to consider this issue

Re: Policy 2.7 Proposal: Extend Section 8 to Encompass Subordinate CAs

2019-10-22 Thread Wayne Thayer via dev-security-policy
I made a change to the new section 8.1 language intended to include in the scope both the transfer of existing subordinate CA certificates and the signing of new subordinate CA certificates that are controlled by an organization other than the CA:

Re: Firefox removes UI for site identity

2019-10-22 Thread Paul Walsh via dev-security-policy
Thanks Johann. Much appreciated. Would you be kind enough to email me a screen shot to save me the trouble of installing an older version and then waiting for an update? :) Thanks, - Paul > On Oct 22, 2019, at 1:29 PM, Johann Hofmann wrote: > > Hi Paul, > > thanks for the heads up. This

Re: Firefox removes UI for site identity

2019-10-22 Thread Johann Hofmann via dev-security-policy
Hi Paul, thanks for the heads up. This wasn't intentional and I've reached out to get the security UI changes added to the release notes for 70. You're right that this is significant enough to be included. The page should be updated very soon, so that most users will see the new version (due to

Firefox removes UI for site identity

2019-10-22 Thread Paul Walsh via dev-security-policy
Direct question for Mozilla. Today, the website identity UI was removed from Firefox. “We” knew it was coming. But millions of users didn’t. Why wasn’t this mentioned in the release notes on the page that’s automatically opened following the update? Someone might say “they didn’t know it

AW: Policy 2.7 Proposal: Forbid Delegation of Email Validation for S/MIME Certificates

2019-10-22 Thread Buschart, Rufus via dev-security-policy
> > Sounds good. This was your proposed response to solving this issue > > back on May 13, so it's full circle :) > > > > > > I'm going to consider this issue resolved unless there are further > > comments. > > Just checking whether the following is acceptable. > > If a CA validates the

Re: Policy 2.7 Proposal: Forbid Delegation of Email Validation for S/MIME Certificates

2019-10-22 Thread Dimitris Zacharopoulos via dev-security-policy
On 2019-10-22 7:28 PM, Wayne Thayer wrote: The CA SHALL NOT delegate validation of the domain part of an e-mail address. This is https://github.com/mozilla/pkipolicy/commit/85ae5a1b37ca8e5138d56296963195c3c7dec85a Sounds good.

Re: Policy 2.7 Proposal: Forbid Delegation of Email Validation for S/MIME Certificates

2019-10-22 Thread Wayne Thayer via dev-security-policy
On Mon, Oct 21, 2019 at 7:01 PM Ryan Sleevi wrote: > > On Mon, Oct 21, 2019 at 7:58 PM Wayne Thayer wrote: > >> The CA MUST verify all e-mail addresses using a process that is >>> substantially similar to the process used to verify domain names, as >>> described in the Baseline Requirements.