Re: Public Discussion re: Inclusion of the ANF Secure Server Root CA

2021-04-01 Thread Ben Wilson via dev-security-policy
On March 10, 2021, we began the public discussion period [Step 4 of the Mozilla Root Store CA Application Process] for ANF’s inclusion request. One commenter recounted some of ANF's certificate misissuance events and expressed concern that CAs

Re: Public Discussion re: Inclusion of the ANF Secure Server Root CA

2021-03-17 Thread Pablo Díaz via dev-security-policy
> - Sending a link that must be accessed to approved is known-insecure, as > automated mail scanning software may automatically dereference links in > e-mail (in order to do content inspection). Confirm/Reject buttons alone > shouldn't be seen as sufficient to mitigate this, as that may vary

Re: Public Discussion re: Inclusion of the ANF Secure Server Root CA

2021-03-16 Thread Ryan Sleevi via dev-security-policy
On Tue, Mar 16, 2021 at 6:02 PM Pablo Díaz via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > Said "additional" confirmation email, addressed to the domain > administrator, informs them that [Applicant Data] has requested an SSL > certificate for their domain [Domain] by

Re: Public Discussion re: Inclusion of the ANF Secure Server Root CA

2021-03-16 Thread Pablo Díaz via dev-security-policy
> The reason we reject human error as a root cause, which you don't seem > to understand because you mention the engineers, is that failures are > NOT the fault of humans who make mistakes. They're the fault of the > system which failed to prevent the mistakes. > The mention of the engineers,

Re: Public Discussion re: Inclusion of the ANF Secure Server Root CA

2021-03-15 Thread Andrew Ayer via dev-security-policy
On Fri, 12 Mar 2021 04:57:56 -0800 (PST) Pablo Díaz via dev-security-policy wrote: > [...] > > I completely agree that "Human error" is not an acceptable analysis, > and "training improvement" is not the optimal solution. We have > worked to apply as many automatic controls as possible to

Re: Public Discussion re: Inclusion of the ANF Secure Server Root CA

2021-03-12 Thread Pablo Díaz via dev-security-policy
Hello Andrew, I am very aware that in the past the CA has made errors and misissuance, I fully understand the context and the seriousness of the matter. As CA we understand that it makes no sense to rely on "nothing serious ever happened", and the correct thing is to assume the importance of

Re: Public Discussion re: Inclusion of the ANF Secure Server Root CA

2021-03-11 Thread Andrew Ayer via dev-security-policy
On Wed, 10 Mar 2021 13:43:55 -0700 Ben Wilson via dev-security-policy wrote: > This is to announce the beginning of the public discussion phase of > the Mozilla root CA inclusion process for the ANF Secure Server Root > CA. I'd like to draw attention to the first misissuance mentioned in

Re: Public Discussion re: Inclusion of the ANF Secure Server Root CA

2021-03-11 Thread Ben Wilson via dev-security-policy
Here you go: https://testvalidsslev.anf.es https://testrevokedsslev.anf.es https://testexpiredsslev.anf.es On Thu, Mar 11, 2021 at 6:38 AM Andrey West Siberia via dev-security-policy wrote: > Hello, > I can't find the test URIs for this root certificate... >

Re: Public Discussion re: Inclusion of the ANF Secure Server Root CA

2021-03-11 Thread Andrey West Siberia via dev-security-policy
Hello, I can't find the test URIs for this root certificate... ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy

Public Discussion re: Inclusion of the ANF Secure Server Root CA

2021-03-10 Thread Ben Wilson via dev-security-policy
All, This is to announce the beginning of the public discussion phase of the Mozilla root CA inclusion process for the ANF Secure Server Root CA. See https://wiki.mozilla.org/CA/Application_Process#Process_Overview, (Steps 4 through 9). The ANF Secure Server Root CA is operated by ANF AC, a