Re: Yet more undisclosed intermediates

2019-01-09 Thread Wayne Thayer via dev-security-policy
On Mon, Jan 7, 2019 at 6:05 AM Rob Stradling wrote: > On 02/01/2019 22:40, Wayne Thayer via dev-security-policy wrote: > > > Yes, the idea is that CT could remove the need to enforce intermediate > > disclosures via policy. > > Hi Wayne. That seems at odds with (my understanding of) the

Re: Yet more undisclosed intermediates

2019-01-09 Thread Rob Stradling via dev-security-policy
On 02/01/2019 14:10, Rob Stradling via dev-security-policy wrote: > On 02/01/2019 13:44, info--- via dev-security-policy wrote: >> We're reviewing what happened with this subCA, because it's reported to the >> CCADB (like all other subCAs). At the moment we've seen that there are two >>

Re: Yet more undisclosed intermediates

2019-01-07 Thread Rob Stradling via dev-security-policy
On 02/01/2019 22:40, Wayne Thayer via dev-security-policy wrote: > Yes, the idea is that CT could remove the need to enforce intermediate > disclosures via policy. Hi Wayne. That seems at odds with (my understanding of) the purpose of the disclosure requirement. The relevant phrase in the

Re: Yet more undisclosed intermediates

2019-01-03 Thread Jakob Bohm via dev-security-policy
On 03/01/2019 16:46, Kurt Roeckx wrote: On 2019-01-03 16:25, Jakob Bohm wrote: There are the date fields in the SubCA certificate itself, as well as any embedded CT data (assuming the parent CA is correctly CT-logged). Do you expect precertificates for CA certificates? I currently don't know

Re: Yet more undisclosed intermediates

2019-01-03 Thread Kurt Roeckx via dev-security-policy
On 2019-01-03 16:25, Jakob Bohm wrote: There are the date fields in the SubCA certificate itself, as well as any embedded CT data (assuming the parent CA is correctly CT-logged). Do you expect precertificates for CA certificates? I currently don't know if there are any requirements for logging

Re: Yet more undisclosed intermediates

2019-01-03 Thread Jakob Bohm via dev-security-policy
On 02/01/2019 23:40, Wayne Thayer wrote: > On Wed, Jan 2, 2019 at 11:32 AM Jakob Bohm via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > >> On 02/01/2019 17:17, Wayne Thayer wrote: >>> The options to consider are: >>> 1. Continue with current policy of treating

Re: Yet more undisclosed intermediates

2019-01-02 Thread Wayne Thayer via dev-security-policy
On Wed, Jan 2, 2019 at 11:32 AM Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On 02/01/2019 17:17, Wayne Thayer wrote: > > The options to consider are: > > 1. Continue with current policy of treating non-disclosure of > unconstrained > > intermediates as an

Re: Yet more undisclosed intermediates

2019-01-02 Thread Ryan Sleevi via dev-security-policy
On Wed, Jan 2, 2019 at 1:32 PM Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > > 2. Change our policy to state that any undisclosed intermediate we > discover > > will be immediately and permanently added to OneCRL. > > This needs adding some logical criteria,

Re: Yet more undisclosed intermediates

2019-01-02 Thread Ryan Sleevi via dev-security-policy
On Wed, Jan 2, 2019 at 11:18 AM Wayne Thayer via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > The options to consider are: > 1. Continue with current policy of treating non-disclosure of unconstrained > intermediates as an incident. This could eventually lead to having

Re: Yet more undisclosed intermediates

2019-01-02 Thread Wayne Thayer via dev-security-policy
On Wed, Jan 2, 2019 at 7:10 AM Rob Stradling via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On 02/01/2019 13:44, info--- via dev-security-policy wrote: > > On Wednesday, January 2, 2019 at 12:49:52 (UTC+1), Rob Stradling > wrote: > >> On 09/10/2018 23:53, Wayne

Re: Yet more undisclosed intermediates

2019-01-02 Thread Rob Stradling via dev-security-policy
On 02/01/2019 13:44, info--- via dev-security-policy wrote: > On Wednesday, January 2, 2019 at 12:49:52 (UTC+1), Rob Stradling wrote: >> On 09/10/2018 23:53, Wayne Thayer wrote: >>> On Tue, Oct 9, 2018 at 3:43 AM Rob Stradling wrote: >>> Wayne, Kathleen: >>> Given the number of

Re: Yet more undisclosed intermediates

2019-01-02 Thread info--- via dev-security-policy
On Wednesday, January 2, 2019 at 12:49:52 (UTC+1), Rob Stradling wrote: > On 09/10/2018 23:53, Wayne Thayer wrote: > > On Tue, Oct 9, 2018 at 3:43 AM Rob Stradling wrote: > > Wayne, Kathleen: > > Given the number of times that all the CAs in Mozilla's Root Program > > have been

Re: Yet more undisclosed intermediates

2019-01-02 Thread Rob Stradling via dev-security-policy
On 09/10/2018 23:53, Wayne Thayer wrote: > On Tue, Oct 9, 2018 at 3:43 AM Rob Stradling wrote: > Wayne, Kathleen: > Given the number of times that all the CAs in Mozilla's Root Program > have been reminded about Mozilla's requirements for disclosing > intermediate certs, I wouldn't

Re: Yet more undisclosed intermediates

2018-10-10 Thread Rob Stradling via dev-security-policy
On 09/10/2018 23:53, Wayne Thayer wrote: >    - DigiCert > > Looks like DigiCert disclosed these within a few hours of your email. Yes, but I hope that DigiCert will provide an incident report so that we can understand why DigiCert's "processes in place to ensure that these requirements

Re: Yet more undisclosed intermediates

2018-10-09 Thread Wayne Thayer via dev-security-policy
Thank you Rob. On Tue, Oct 9, 2018 at 3:43 AM Rob Stradling via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > "ACTION 6" of Mozilla's September 2018 CA Communication [1] reminded CAs > of the Mozilla Root Store Policy requirement [2] that > non-technically-constrained

Re: Yet more undisclosed intermediates [Telia]

2018-10-09 Thread Jakob Bohm via dev-security-policy
[ Please reply to list, Mozilla NNTP<->mail gateway seems to insert wrong Reply-To ] Telia is a notable case as this seems to be a brand new Intermediary created but not disclosed 1 month ago. On 09/10/2018 12:43, Rob Stradling wrote: "ACTION 6" of Mozilla's September 2018 CA Communication [1]

Re: Yet more undisclosed intermediates [SwissSign]

2018-10-09 Thread Jakob Bohm via dev-security-policy
[ Please reply to list, Mozilla NNTP<->mail gateway seems to insert wrong Reply-To ] It appears from the data that SwissSign has reacted to the requirement by starting to log some of their existing intermediaries in CT, instead of in CCADB. At least at a cursory glance. On 09/10/2018 12:43,

Yet more undisclosed intermediates

2018-10-09 Thread Rob Stradling via dev-security-policy
"ACTION 6" of Mozilla's September 2018 CA Communication [1] reminded CAs of the Mozilla Root Store Policy requirement [2] that non-technically-constrained intermediate CA certificates... "MUST be publicly disclosed in the CCADB by the CA that has their certificate included in Mozilla's
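The thread turns on two mechanical questions: is a given intermediate "technically constrained" (and so exempt from the CCADB disclosure requirement quoted above), and does the certificate carry embedded CT data (the point raised in the Bohm/Roeckx exchange)? The script below is an added example, not code from this thread or from Mozilla, that answers both for a DER-encoded CA certificate using only the Python standard library. Its reading of "technically constrained" is my simplification of Mozilla Root Store Policy section 5.3 (an EKU extension that excludes anyExtendedKeyUsage, plus a nameConstraints extension whenever id-kp-serverAuth is present; it does not check which name forms are constrained, nor the emailProtection rules). The certificates it inspects are constructed in-line with a tiny DER encoder and are not real, not signed, and carry an empty SCT list; function names such as `needs_ccadb_disclosure` are mine.

```python
"""Classify a DER CA certificate: technically constrained? embedded SCTs?
Stdlib only. Policy criteria are a simplified paraphrase (see lead-in)."""
import hashlib

OID_BASIC_CONSTRAINTS = "2.5.29.19"
OID_NAME_CONSTRAINTS = "2.5.29.30"
OID_EXT_KEY_USAGE = "2.5.29.37"
OID_ANY_EKU = "2.5.29.37.0"
OID_KP_SERVER_AUTH = "1.3.6.1.5.5.7.3.1"
OID_SCT_LIST = "1.3.6.1.4.1.11129.2.4.2"      # RFC 6962 embedded SCT list

# --- minimal DER encoder, used only to build constructed sample certs ---
def der(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def seq(*items): return der(0x30, b"".join(items))
def octets(b): return der(0x04, b)
def boolean(v): return der(0x01, b"\xff" if v else b"\x00")
def integer(i): return der(0x02, i.to_bytes((i.bit_length() + 8) // 8, "big"))

def oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7f]; a >>= 7
        while a:
            chunk.insert(0, 0x80 | (a & 0x7f)); a >>= 7
        out += bytes(chunk)
    return der(0x06, bytes(out))

def extension(ext_oid, value, critical=False):
    flag = [boolean(True)] if critical else []
    return seq(oid(ext_oid), *flag, octets(value))

def build_ca_cert(extensions):
    """Constructed, unsigned Certificate with placeholder names/SPKI/signature."""
    alg = seq(oid("1.2.840.113549.1.1.11"), der(0x05, b""))   # sha256WithRSA
    spki = seq(seq(oid("1.2.840.113549.1.1.1"), der(0x05, b"")), der(0x03, b"\x00"))
    validity = seq(der(0x17, b"190101000000Z"), der(0x17, b"290101000000Z"))
    tbs = seq(der(0xA0, integer(2)), integer(1), alg, seq(), validity, seq(), spki,
              der(0xA3, seq(*extensions)))                    # [3] Extensions
    return seq(tbs, alg, der(0x03, b"\x00"))

# --- minimal DER walker, used on the certificate under inspection ---
def tlv_iter(data):
    i = 0
    while i < len(data):
        tag, length = data[i], data[i + 1]; i += 2
        if length & 0x80:                                     # long-form length
            nb = length & 0x7f
            length = int.from_bytes(data[i:i + nb], "big"); i += nb
        yield tag, data[i:i + length]
        i += length

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7f)
        if not b & 0x80:
            arcs.append(val); val = 0
    return ".".join(map(str, arcs))

def extensions_of(cert_der):
    """Return {oid: (critical, extnValue bytes)} from tbsCertificate."""
    _, cert = next(tlv_iter(cert_der))
    _, tbs = next(tlv_iter(cert))
    exts = {}
    for tag, body in tlv_iter(tbs):
        if tag == 0xA3:
            (_, ext_seq), = tlv_iter(body)
            for _, ext in tlv_iter(ext_seq):
                fields = list(tlv_iter(ext))
                critical = len(fields) == 3 and fields[1][1] == b"\xff"
                exts[decode_oid(fields[0][1])] = (critical, fields[-1][1])
    return exts

def is_technically_constrained(cert_der):
    """Simplified Mozilla 5.3 reading: EKU present, no anyEKU, and
    nameConstraints whenever serverAuth is allowed (assumption, see lead-in)."""
    exts = extensions_of(cert_der)
    if OID_EXT_KEY_USAGE not in exts:
        return False
    _, eku_seq = next(tlv_iter(exts[OID_EXT_KEY_USAGE][1]))
    ekus = {decode_oid(b) for _, b in tlv_iter(eku_seq)}
    if OID_ANY_EKU in ekus:
        return False
    return not (OID_KP_SERVER_AUTH in ekus and OID_NAME_CONSTRAINTS not in exts)

def has_embedded_scts(cert_der):
    return OID_SCT_LIST in extensions_of(cert_der)

def fingerprint(cert_der):
    return hashlib.sha256(cert_der).hexdigest().upper()   # CCADB-style SHA-256

def needs_ccadb_disclosure(cert_der, disclosed_fingerprints):
    """Unconstrained and not already in the disclosed set -> policy violation."""
    return (not is_technically_constrained(cert_der)
            and fingerprint(cert_der) not in disclosed_fingerprints)

# Constructed sample intermediates (not real CA certificates).
BASIC_CA = extension(OID_BASIC_CONSTRAINTS, seq(boolean(True)), critical=True)
EKU_SERVER = extension(OID_EXT_KEY_USAGE, seq(oid(OID_KP_SERVER_AUTH)))
EKU_ANY = extension(OID_EXT_KEY_USAGE, seq(oid(OID_ANY_EKU)))
NAME_CONSTRAINTS = extension(OID_NAME_CONSTRAINTS,
                             seq(der(0xA0, seq(seq(der(0x82, b"example.com"))))), critical=True)
SCT_LIST = extension(OID_SCT_LIST, octets(b"\x00\x00"))   # empty SCT list placeholder
UNCONSTRAINED_CA = build_ca_cert([BASIC_CA, EKU_SERVER])
CONSTRAINED_CA = build_ca_cert([BASIC_CA, EKU_SERVER, NAME_CONSTRAINTS])
ANY_EKU_CA = build_ca_cert([BASIC_CA, EKU_ANY, NAME_CONSTRAINTS])
CT_LOGGED_CA = build_ca_cert([BASIC_CA, EKU_SERVER, SCT_LIST])
```

Feed `needs_ccadb_disclosure` a real intermediate's DER bytes and the set of SHA-256 fingerprints exported from CCADB, and it flags exactly the case the thread is about: an unconstrained sub-CA that nobody disclosed. `has_embedded_scts` only tells you whether the issuing CA chose to embed SCTs; as the Roeckx/Bohm exchange notes, nothing in the CT ecosystem requires that for CA certificates, which is why CT cannot simply stand in for the CCADB requirement.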