Root Store Policy Suggestion

2021-01-27 Thread Burton via dev-security-policy
Hello, The Mozilla root store policy should include a section that sets out time limit periods in numbered stages for non-compliance CA discussions. That way everything is fair, can't be disputed and everyone knows when the discussion of the non-compliance CA will conclude. Then the decision from

Re: Root Store Policy Suggestion

2021-01-27 Thread Ryan Sleevi via dev-security-policy
On Wed, Jan 27, 2021 at 2:45 PM Burton wrote: > I included the remediation plan in the proposal because a CA will mostly > always include a remediation plan when they reach the stage of serious > non-compliance investigation by root store policy owners. > Sure, but I was more asking: are you

Re: Root Store Policy Suggestion

2021-01-27 Thread Burton via dev-security-policy
Hi Ryan, I included the remediation plan in the proposal because a CA will mostly always include a remediation plan when they reach the stage of serious non-compliance investigation by root store policy owners. The first remediation plan is always a draft version as it's updated as the discussion

Re: Root Store Policy Suggestion

2021-01-27 Thread Burton via dev-security-policy
Hi Ryan, These are good questions! I'll get back to you tomorrow with the answers to your questions. I want to research and give you the right information. Thank you Burton On Wed, Jan 27, 2021 at 7:54 PM Ryan Sleevi wrote: > > > On Wed, Jan 27, 2021 at 2:45 PM Burton wrote: > >> I included

Re: Root Store Policy Suggestion

2021-01-27 Thread Ryan Sleevi via dev-security-policy
On Wed, Jan 27, 2021 at 10:11 AM Burton wrote: > Hello, > > The Mozilla root store policy should include a section that sets out time > limit periods in numbered stages for non-compliance CA discussions. That > way everything is fair, can't be disputed and everyone knows when the > discussion of

Re: Mozilla's Response to Camerfirma's Compliance Issues

2021-01-27 Thread Watson Ladd via dev-security-policy
On Monday, January 25, 2021 at 9:21:53 PM UTC-8, Ben Wilson wrote: > Dear All, > > We appreciate your comments and participation in the discussion about the > Summary of Camerfirma's Compliance Issues, > https://wiki.mozilla.org/CA:Camerfirma_Issues. > > Mozilla has not yet made a decision

Re: Public Discussion of GlobalSign's CA Inclusion Request for R46, E46, R45 and E45 Roots

2021-01-27 Thread Ryan Sleevi via dev-security-policy
Hey Ben, I know discussion here has been quiet, but in light of other threads going on, I actually want to say I'm very supportive of GlobalSign's plan here, and surprised they didn't call more attention to it, because it's something to be proud of. As I understand it, and happy to be corrected