Re: Proposal: Make readable CPSes easier to find

2020-04-21 Wojtek Porczyk via dev-security-policy
On Tue, Apr 21, 2020 at 01:23:49AM -0400, Ryan Sleevi via dev-security-policy wrote: > On Mon, Apr 20, 2020 at 10:04 PM Matt Palmer via dev-security-policy > wrote: > > 2. Make the cPSuri actually point to the relevant CPS > > That doesn’t really capture what a CPS is. There can be many

Re: Is issuing a certificate for a previously-reported compromised private key misissuance?

2020-03-19 Wojtek Porczyk via dev-security-policy
On Thu, Mar 19, 2020 at 05:30:31AM -0500, Ryan Sleevi via dev-security-policy wrote: > [...] but given that some negligent and > irresponsible CAs kept agitating to reduce revocation requirements than > protect users, the ballot was kept simple. > [...] I worry the same set of negligent and

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-05 Wojtek Porczyk via dev-security-policy
On Thu, Nov 05, 2020 at 11:48:20AM -0500, Ryan Sleevi via dev-security-policy wrote: > competency is with individuals, not organizations. [snip] > I find the appeal to redundancy and the NAB, and further, the suggestion of > GDPR, to be a bit insulting to this community. This opposition to >

Re: The CAA DNS Operator Exception Is Problematic

2021-02-10 Wojtek Porczyk via dev-security-policy
On Wed, Feb 10, 2021 at 02:21:53AM +, Nick Lamb via dev-security-policy wrote: > On Mon, 8 Feb 2021 13:40:05 -0500 > Andrew Ayer via dev-security-policy > wrote: > > > The BRs permit CAs to bypass CAA checking for a domain if "the CA or > > an Affiliate of the CA is the DNS Operator (as