Re: Include Symantec-brand Class 1 and Class 2 Root Certs

-brand Class 1 and Class 2 root certs and enable the email trust bit for them. I am now closing this discussion and will recommend approval in the bug. https://bugzilla.mozilla.org/show_bug.cgi?id=833986 Any further follow-up on this request should be added directly to the bug. Thanks, Ka

Re: Include Symantec-brand Class 1 and Class 2 Root Certs

ecurity-policy-requ...@lists.mozilla.org> wrote: > > Re: Include Symantec-brand Class 1 and Class 2 Root Certs ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy

Re: Include Symantec-brand Class 1 and Class 2 Root Certs

On 16/11/2016 00:58, Kathleen Wilson wrote: This request from Symantec is to only enable the Email trust bit for the following 4 root certificates that will eventually replace the VeriSign-brand class 1 and 2 root certs that are currently included in NSS. 1) Symantec Class 1 Public Primary

Re: Include Symantec-brand Class 1 and Class 2 Root Certs

This request from Symantec is to only enable the Email trust bit for the following 4 root certificates that will eventually replace the VeriSign-brand class 1 and 2 root certs that are currently included in NSS. 1) Symantec Class 1 Public Primary Certification Authority - G6 2) Symantec Class 2

Re: Include Symantec-brand Class 1 and Class 2 Root Certs

On Fri, Oct 07, 2016 at 09:05:37PM +0200, Jakob Bohm wrote: > On 07/10/2016 19:14, Kathleen Wilson wrote: > >On Thursday, October 6, 2016 at 4:27:10 PM UTC-7, Peter Bowen wrote: > >>It isn't > >>clear to me that the subordinate CA disclosure rule even applies to > >>e-mail only roots. > > > >We

Re: Include Symantec-brand Class 1 and Class 2 Root Certs

On 07/10/2016 19:14, Kathleen Wilson wrote: On Thursday, October 6, 2016 at 4:27:10 PM UTC-7, Peter Bowen wrote: On Thu, Oct 6, 2016 at 3:57 PM, Richard Barnes wrote: I seem to recall we had some discussion a while back about what criteria should be applied to email CAs. Where did we end up

Re: Include Symantec-brand Class 1 and Class 2 Root Certs

On Thursday, October 6, 2016 at 4:27:10 PM UTC-7, Peter Bowen wrote: > On Thu, Oct 6, 2016 at 3:57 PM, Richard Barnes wrote: > > I seem to recall we had some discussion a while back about what criteria > > should be applied to email CAs. Where did we end up on that? > > I don't believe anything

Re: Include Symantec-brand Class 1 and Class 2 Root Certs

On Thu, Oct 6, 2016 at 3:57 PM, Richard Barnes wrote: > I seem to recall we had some discussion a while back about what criteria > should be applied to email CAs. Where did we end up on that? I don't believe anything was settled. There is one small item in the CA policy:

Re: Include Symantec-brand Class 1 and Class 2 Root Certs

On Thu, Oct 6, 2016 at 12:09 PM, Kathleen Wilson wrote: > This request from Symantec is to include the following 4 root certificates > and enable the Email trust bit for them. > To be clear: The request is for *only* the email trust bit to be set? I seem to recall we had

Re: Include Symantec-brand Class 1 and Class 2 Root Certs

Thanks Kathleen. I have no substantive objections to this inclusion (with only the Email trust bit to be set) at this time but I do have a minor editorial nitpick which might as well go back to Symantec while we're here. On page 1 of the Introduction of the CP document, a footnote refers to