Re: FNMT: Public Discussion of Root Inclusion Request

FNMT provided the following clarification regarding its audits: *Audits:* Annual audits are performed by AENOR Internacional. The most recent audit was completed by AENOR, for the period ending January 12, 2020, according to ETSI EN 319 411-1 audit criteria (OVCP: Organizational Validation

Re: SECURITY RELEVANT FOR CAs: The curious case of the Dangerous Delegated Responder Cert

> I realize this is almost entirely critical, and I hope it's taken as > critical of the proposal, not of the investment or interest in this space. Not a problem for being critical and we don’t take it personally. We appreciate the discussion, the time you spend and the opportunity to propose

Re: SECURITY RELEVANT FOR CAs: The curious case of the Dangerous Delegated Responder Cert

On Wed, Nov 18, 2020 at 8:19 AM Nils Amiet via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > We have carefully read your email, and believe we’ve identified the > following > important points: > > 1. Potential feasibility issue due to lack of path building support > > 2.

Re: FNMT: Public Discussion of Root Inclusion Request

On Wed, 18 Nov 2020, 01:06 Ben Wilson via dev-security-policy, wrote: > > All, > > This is to announce the beginning of the public discussion phase of the > Mozilla root CA inclusion process for Fábrica Nacional de Moneda y Timbre > (FNMT)’s request to include the AC RAIZ FNMT-RCM SERVIDORES

Re: CCADB Proposal: Add field called Full CRL Issued By This CA

On Wednesday, November 18, 2020 at 3:07:32 PM UTC-8, Kathleen Wilson wrote: > All, > > The following changes have been made in the CCADB: > > On Intermediate Cert pages: > - Renamed section heading ‘Revocation Information’ to ‘Revocation > Information for this Certificate’ > - Added section

Re: Audit Reminder Email Summary

Forwarded Message Subject: Summary of November 2020 Audit Reminder Emails Date: Tue, 17 Nov 2020 20:01:50 + (GMT) Mozilla: Audit Reminder CA Owner: Google Trust Services LLC (GTS) Root Certificates: GTS Root R2 GTS Root R3 GTS Root R4 GTS Root R1 GlobalSign

Re: CCADB Proposal: Add field called Full CRL Issued By This CA

All, The following changes have been made in the CCADB: On Intermediate Cert pages: - Renamed section heading ‘Revocation Information’ to ‘Revocation Information for this Certificate’ - Added section called ‘Pertaining to Certificates Issued by this CA’ - Added 'Full CRL Issued By This CA'

Re: SECURITY RELEVANT FOR CAs: The curious case of the Dangerous Delegated Responder Cert

On 2020-11-18 16:36, Ryan Sleevi wrote: On Wed, Nov 18, 2020 at 8:19 AM Nils Amiet via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: We have carefully read your email, and believe we’ve identified the following important points: 1. Potential feasibility issue due to lack

Re: CCADB Proposal: Add field called Full CRL Issued By This CA

On Wed, Nov 18, 2020 at 7:57 PM Ryan Hurst via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Kathleen, > > This introduces an interesting question, how might Mozilla want to see > partial CRLs be discoverable? Of course, they are pointed to by the > associated CRLdp but is