Re: FNMT: Public Discussion of Root Inclusion Request

2020-12-02 Thread Ben Wilson via dev-security-policy
Matthias, Have you been able to obtain the CPS downloadable from here: https://www.sede.fnmt.gob.es/en/dpcs/ac-servidores-seguros-tipo-1 or here: https://www.sede.fnmt.gob.es/en/dpcs/ac-servidores-seguros-tipo-2 ? (They both lead to the same CPS v. 1.6 document.) Ben On Wed, Dec 2, 2020 at

Announcing the Chrome Root Program

2020-12-02 Thread Ryan Sleevi via dev-security-policy
Writing in a Google capacity (See https://wiki.mozilla.org/CA/Policy_Participants ) Recently, at the CA/Browser Forum 51 “virtual F2F” [1], the Chrome team shared an announcement about a revamp to the Chrome Root Program, including an updated policy available at https://g.co/chrome/root-policy,

Re: Announcing the Chrome Root Program

2020-12-02 Thread Kathleen Wilson via dev-security-policy
Thank you, Ryan, for providing this very helpful information. ## What does this mean for the CA Certificates Module? Since 2015, I’ve been a Module Peer of the CA Certificates Module [1]. My role has been to support Kathleen and Ben, and previously also Wayne and Gerv, in performing detailed

Re: FNMT: Public Discussion of Root Inclusion Request

2020-12-02 Thread Matthias van de Meent via dev-security-policy
On Fri, 27 Nov 2020 at 11:19, Santiago Brox via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > > On Thursday, 19 November 2020 at 0:47:03 UTC+1, Matthias van de Meent wrote: > > On Wed, 18 Nov 2020, 01:06 Ben Wilson via dev-security-policy, > > wrote: > > > > > >

Re: Policy 2.7.1: MRSP Issue #206: Limit re-use of domain name verification to 398 days

2020-12-02 Thread Aaron Gable via dev-security-policy
One potential approach would be to make it so that issuances after July 1, 2021 require a validation no more than 398 days old. The currently-proposed wording ("verify that each dNSName or IPAddress is current and correct at intervals of 398 days or less") lends itself to that interpretation, it

Re: CCADB Proposal: Add field called Full CRL Issued By This CA

2020-12-02 Thread cli...--- via dev-security-policy
Hi Corey, From Apple’s perspective, the desire was first to have the field added to CCADB. From here, we’re planning on sending out a CA Communication notifying CAs that the field is available and requesting that CAs populate it. We are considering a requirement that Full CRLs be made

RE: Policy 2.7.1: MRSP Issue #206: Limit re-use of domain name verification to 398 days

2020-12-02 Thread Jeremy Rowley via dev-security-policy
Should this limit on reuse also apply to S/MIME? Right now, the 825 day limit in Mozilla policy only applies to TLS certs with email verification of S/MIME being allowed for infinity time. The first draft of the language looked like it may change this while the newer language puts back the TLS

Re: Policy 2.7.1: MRSP Issue #206: Limit re-use of domain name verification to 398 days

2020-12-02 Thread Ben Wilson via dev-security-policy
See my responses inline below. On Tue, Dec 1, 2020 at 1:34 PM Ryan Sleevi wrote: > > > On Tue, Dec 1, 2020 at 2:22 PM Ben Wilson via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > >> See responses inline below: >> >> On Tue, Dec 1, 2020 at 11:40 AM Doug Beattie > > >>

Re: Policy 2.7.1: MRSP Issue #206: Limit re-use of domain name verification to 398 days

2020-12-02 Thread Ben Wilson via dev-security-policy
All, I have started a similar, simultaneous discussion with the CA/Browser Forum, in order to gain traction. https://lists.cabforum.org/pipermail/servercert-wg/2020-December/002382.html Ben On Wed, Dec 2, 2020 at 2:49 PM Jeremy Rowley wrote: > Should this limit on reuse also apply to