On Saturday, March 6, 2021 at 11:17:53 PM UTC-5, bwi...@mozilla.com wrote:
> Thanks, Bruce, for raising the issue of pre-generated, yet unassigned keys.
> The intent was to cover this scenario. We are aware that CAs might
> generate 1000s of keys in a partition and then years later assign a few
Hello,
I can't find the test URIs for this root certificate...
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
Dear Ben, Dear Kahtleen,
we suppose, there are no other changes intendent then apart from what you say
below?
If the rest of section 3.2 remains as it is, the specific matter of the ETSI
auditor qualification would be addressed through the referrer back to BRG
section 8.2. It would then
Here you go:
https://testvalidsslev.anf.es
https://testrevokedsslev.anf.es
https://testexpiredsslev.anf.es
On Thu, Mar 11, 2021 at 6:38 AM Andrey West Siberia via dev-security-policy
wrote:
> Hello,
> I can't find the test URIs for this root certificate...
>
Hi Bruce,
I think the answer is yes. A CA certificate is no longer trusted once it
has expired or been revoked (or added to OneCRL for subCAs) or removed
(roots). But I'm double-checking on the case of certificates with validity
periods that extend past the expiration of the root.
Ben
On Thu, Mar
Bruce,
The answer would be yes because we check the validity of the root CA
certificate and other CA certificates.
Ben
On Thu, Mar 11, 2021 at 10:33 AM Ben Wilson wrote:
> Hi Bruce,
> I think the answer is yes. A CA certificate is no longer trusted once it
> has expired or been revoked (or
On Wed, 10 Mar 2021 13:43:55 -0700
Ben Wilson via dev-security-policy
wrote:
> This is to announce the beginning of the public discussion phase of
> the Mozilla root CA inclusion process for the ANF Secure Server Root
> CA.
I'd like to draw attention to the first misissuance mentioned
in
OK. Thanks for your answers.
In summary, my understanding is that we can ignore that illustrative control of
the Webtrust Criteria and that the community is cool with these subordinations
of CAs with stronger keys (same or different algorithm).
Best,
Pedro
8 matches
Mail list logo