Re: Guang Dong Certificate Authority (GDCA) root inclusion request

2016-11-15 Thread Han Yuwei
On Tuesday, November 15, 2016 at 8:51:25 AM UTC+8, Kathleen Wilson wrote: > On Friday, October 28, 2016 at 7:29:56 AM UTC-7, wangs...@gmail.com wrote: > > We have uploaded the latest translation of CP/CPS. > > CP: https://bugzilla.mozilla.org/attachment.cgi?id=8805543 > > CPS:

Re: Guang Dong Certificate Authority (GDCA) root inclusion request

2016-11-15 Thread Percy
On Wednesday, August 3, 2016 at 2:45:23 PM UTC-7, Kathleen Wilson wrote: > This request from Guangdong Certificate Authority (GDCA) is to include the > "GDCA TrustAUTH R5 ROOT" certificate, turn on the Websites trust bit, and > enable EV treatment. > > GDCA is a nationally recognized CA that

Re: Apple's response to the WoSign incidents

2016-11-15 Thread Percy
On Tuesday, November 15, 2016 at 12:37:56 AM UTC-8, Thijs Alkemade wrote: > On 13 Nov 2016, at 10:08, Percy wrote: > > > > I just found out that Apple doesn't limit "CA 沃通免费SSL证书 G2" intermediate CA > > even though Apple limited "WoSign CA Free SSL Certificate G2"

Re: Apple's response to the WoSign incidents

2016-11-15 Thread Thijs Alkemade
On 13 Nov 2016, at 10:08, Percy wrote: > > I just found out that Apple doesn't limit "CA 沃通免费SSL证书 G2" intermediate CA > even though Apple limited "WoSign CA Free SSL Certificate G2" intermediate > CA. An example of site signed by "CA 沃通免费SSL证书 G2" intermediate CA is >

Re: Technically Constrained Sub-CAs

2016-11-15 Thread Gervase Markham
On 15/11/16 05:39, Ryan Sleevi wrote: > I think it'd be useful to resolve the questions I asked on this thread > - > https://groups.google.com/d/msg/mozilla.dev.security.policy/ZMUjQ6xHrDA/ySofsF_PAgAJ > - to figure out what Mozilla expects/wants of TCSCs with respect to > the BRs, as that seems

Re: Guang Dong Certificate Authority (GDCA) root inclusion request

2016-11-15 Thread Kevin
On Tuesday, November 15, 2016 at 6:03:07 AM UTC-5, wangs...@gmail.com wrote: > On Tuesday, November 15, 2016 at 8:51:25 AM UTC+8, Kathleen Wilson wrote: > > On Friday, October 28, 2016 at 7:29:56 AM UTC-7, wangs...@gmail.com wrote: > > > We have uploaded the latest translation of CP/CPS. > > > CP:

Re: Guang Dong Certificate Authority (GDCA) root inclusion request

2016-11-15 Thread Han Yuwei
On Tuesday, November 15, 2016 at 7:03:07 PM UTC+8, wangs...@gmail.com wrote: > On Tuesday, November 15, 2016 at 8:51:25 AM UTC+8, Kathleen Wilson wrote: > > On Friday, October 28, 2016 at 7:29:56 AM UTC-7, wangs...@gmail.com wrote: > > > We have uploaded the latest translation of CP/CPS. > > > CP:

Re: Guang Dong Certificate Authority (GDCA) root inclusion request

2016-11-15 Thread Jakob Bohm
On 15/11/2016 18:10, Han Yuwei wrote: On Tuesday, November 15, 2016 at 7:03:07 PM UTC+8, wangs...@gmail.com wrote: On Tuesday, November 15, 2016 at 8:51:25 AM UTC+8, Kathleen Wilson wrote: On Friday, October 28, 2016 at 7:29:56 AM UTC-7, wangs...@gmail.com wrote: We have uploaded the latest translation of CP/CPS. CP:

Re: SHA-1 Phase-out

2016-11-15 Thread Peter Bowen
On Tue, Nov 15, 2016 at 7:25 AM, Kurt Roeckx wrote: > > - If it's an enterprise root they need to switch to SHA-2 This is a lot easier said than done for many organizations. Depending on the CA software this might be a small configuration change or might involve a very large

Re: Guang Dong Certificate Authority (GDCA) root inclusion request

2016-11-15 Thread Tony
On Tuesday, November 15, 2016 at 5:53:19 PM UTC+8, Gervase Markham wrote: > On 15/11/16 08:39, Percy wrote: > > I posted on the solidot (Chinese Slashdot) about this. The majority > > comments want the application rejected. > >

Re: SHA-1 Phase-out

2016-11-15 Thread Kurt Roeckx
On 2016-11-15 16:19, Gervase Markham wrote: On 15/11/16 12:20, jansomar...@gmail.com wrote: I would step in to your discussion if you don't mind. My question is very similar to the original one but in regards to internal usage of SHA-1 signed certs. We are running large number of network devs

Re: Guang Dong Certificate Authority (GDCA) root inclusion request

2016-11-15 Thread 谭晓生
Agree with Gerv & Tony. More patience should be given if they want to improve. And I don’t think “I posted on the solidot (Chinese Slashdot) about this. The majority comments want the application rejected.” is enough to be the reason to reject the request. For many Chinese companies, they do

Re: Guang Dong Certificate Authority (GDCA) root inclusion request

2016-11-15 Thread wangsn1206
On Wednesday, November 16, 2016 at 1:11:05 AM UTC+8, Han Yuwei wrote: > On Tuesday, November 15, 2016 at 7:03:07 PM UTC+8, wangs...@gmail.com wrote: > > On Tuesday, November 15, 2016 at 8:51:25 AM UTC+8, Kathleen Wilson wrote: > > > On Friday, October 28, 2016 at 7:29:56 AM UTC-7, wangs...@gmail.com wrote: > > > > We have uploaded the latest translation of CP/CPS.

Re: Guang Dong Certificate Authority (GDCA) root inclusion request

2016-11-15 Thread wangsn1206
On Wednesday, November 16, 2016 at 6:35:22 AM UTC+8, Kathleen Wilson wrote: > On Tuesday, November 15, 2016 at 10:41:28 AM UTC-8, Peter Bowen wrote: > > I think Mozilla needs to update its guidance to CAs. The information > > checklist directions > >

Re: Guang Dong Certificate Authority (GDCA) root inclusion request

2016-11-15 Thread Peter Bowen
On Tue, Nov 15, 2016 at 3:02 AM, wrote: > > Because we misunderstand that we only need to provide the related chapters of > CP/CPS in English, and non-related sections are not required. We are terribly > sorry that we misinterpreted your requirement and upload an

Audit Reminder Email Summary

2016-11-15 Thread Kathleen Wilson
Here's a summary of the audit reminder emails that were sent today. The following is now automatically generated when the audit reminder emails get sent. Forwarded Message Subject: Summary of November 2016 Audit Reminder Emails Date: Tue, 15 Nov 2016 20:00:42 + (GMT)

UI Improvement in Certificate details

2016-11-15 Thread Dimitris Zacharopoulos
Li-Chun CHEN from Chunghwa Telecom would like to push for a UI improvement to properly display subject information in certificate details for FF (and others). In order to assist him, I prepared some text to be included in an improvement bug for Mozilla products and will try sending similar

Re: Guang Dong Certificate Authority (GDCA) root inclusion request

2016-11-15 Thread Kathleen Wilson
On Tuesday, November 15, 2016 at 10:41:28 AM UTC-8, Peter Bowen wrote: > I think Mozilla needs to update its guidance to CAs. The information > checklist directions > (https://wiki.mozilla.org/CA:Information_checklist#Verification_Policies_and_Practices) > says "If the CP/CPS documents are not in

Re: Technically Constrained Sub-CAs

2016-11-15 Thread Matt Palmer
On Tue, Nov 15, 2016 at 04:27:09PM +0100, Gervase Markham wrote: > I certainly think our view of redaction will be driven by use cases. > AIUI, you are strongly encouraging use cases to be brought to the IETF. > However, if 6962bis is in Last Call, and won't be updated, is the TRANS > group still

Re: Technically Constrained Sub-CAs

2016-11-15 Thread Nick Lamb
On Tuesday, 15 November 2016 09:35:17 UTC, Jakob Bohm wrote: > The HTTPS-everywhere tendency, including the plans of some people to > completely remove unencrypted HTTP from implementations, makes it > necessary for non-public stuff connected to the Internet to get > Internet-compatible TLS

Re: Include Symantec-brand Class 1 and Class 2 Root Certs

2016-11-15 Thread Kathleen Wilson
This request from Symantec is to only enable the Email trust bit for the following 4 root certificates that will eventually replace the VeriSign-brand class 1 and 2 root certs that are currently included in NSS. 1) Symantec Class 1 Public Primary Certification Authority - G6 2) Symantec Class 2

Re: SHA-1 Phase-out

2016-11-15 Thread jansomartin
Hello Guys, I would step in to your discussion if you don't mind. My question is very similar to the original one but in regards to internal usage of SHA-1 signed certs. We are running large number of network devs acting as a proxy and users need to authenticate in order to access some of the

Re: Technically Constrained Sub-CAs

2016-11-15 Thread Ryan Sleevi
On Tue, Nov 15, 2016 at 7:27 AM, Gervase Markham wrote: > I certainly think our view of redaction will be driven by use cases. > AIUI, you are strongly encouraging use cases to be brought to the IETF. > However, if 6962bis is in Last Call, and won't be updated, is the TRANS >