On Tuesday, January 8, 2019 at 3:12:26 PM UTC-5, Wayne Thayer wrote:
> Thanks Corey, Ryan, and Jonathan.
>
> In one of the bugs that Ryan created, the CA stated that it's not clear if
> or when Mozilla requires revocation of these P-521 certificates. I believe
> the answe
Jakob Bohm via dev-security-policy
writes:
>On 11/01/2019 13:04, Peter Gutmann wrote:
>> Jason via dev-security-policy writes:
>>
>>> I would say that the problem here would be that a child certificate can't
>>> use
>>> a higher cryptography level than the issuer
>>
>>Why not? If the
On 11/01/2019 13:04, Peter Gutmann wrote:
> Jason via dev-security-policy writes:
>
>> I would say that the problem here would be that a child certificate can't use
>> a higher cryptography level than the issuer
>
> Why not? If the issuer uses strong-enough crypto, what difference does it
>
Jason via dev-security-policy writes:
>I would say that the problem here would be that a child certificate can't use
>a higher cryptography level than the issuer
Why not? If the issuer uses strong-enough crypto, what difference does it
make what the child uses?
Peter.
On 10/01/2019 15:38, Jason wrote:
I would say that the problem here would be that a child certificate can't use a
higher cryptography level than the issuer, this is agains good practices and,
AFAIK, agains the Webtrust audit criteria.
Jason
Note that the only one of all these certificates
Jason - where did you see this requirement?
-Original Message-
From: dev-security-policy On
Behalf Of Jason via dev-security-policy
Sent: Thursday, January 10, 2019 9:38 AM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: P-521 Certificates
I would say that the problem
I would say that the problem here would be that a child certificate can't use a
higher cryptography level than the issuer, this is agains good practices and,
AFAIK, agains the Webtrust audit criteria.
Jason
___
dev-security-policy mailing list
Adding some data points for use by future readers of this thread.
On 08/01/2019 03:26, Corey Bonnell wrote:
> (Posting in a personal capacity as I am no longer employed by Trustwave)
>
> Mozilla Root Store Policy section 5.1
>
Thanks Corey, Ryan, and Jonathan.
In one of the bugs that Ryan created, the CA stated that it's not clear if
or when Mozilla requires revocation of these P-521 certificates. I believe
the answer is that we do not require revocation. Our policy (section 6)
explicitly requires CAs to abide
On Mon, Jan 7, 2019, at 21:26, Corey Bonnell via dev-security-policy wrote:
> (Posting in a personal capacity as I am no longer employed by Trustwave)
>
> Mozilla Root Store Policy section 5.1
> (https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/)
>
>
10 matches
Mail list logo