I've created a bug to track this issue:
https://bugzilla.mozilla.org/show_bug.cgi?id=1625715
- Wayne
On Thu, Mar 26, 2020 at 11:33 PM Matt Palmer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> At 2020-03-20 03:02:43 UTC, I sent a notification to sslab...@sectigo.com
>
On Sat, Mar 28, 2020 at 6:39 PM Ian Carroll via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Hi Ryan,
>
> I don't see a reason why any obligation in 9.6.3 is not fulfillable by
> changing the obligation from a subscriber's notification to revoke to the
> CA, to an
On Thursday, March 26, 2020 at 2:23:11 PM UTC-7, Ryan Sleevi wrote:
> On Thu, Mar 26, 2020 at 4:45 PM Ian Carroll via dev-security-policy
> wrote:
> >
> > Hi all,
> >
> > A recent thread on CAs using contractual terms to revoke certificates has
> > made me want to bring up a topic that I am
Thank you Matt. I really appreciate the detailed summary and look forward
to your specific improvement proposals.
- Wayne
On Sat, Mar 28, 2020 at 1:12 AM Matt Palmer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> I've been asked to provide some "big-picture" thoughts
I've been asked to provide some "big-picture" thoughts on how the process
for key compromise revocations works, doesn't work, and could be improved.
This is based on the work that I've done over the past month or so,
requesting revocation of certificates which have had their private keys
5 matches
Mail list logo