Re: CCADB Proposal: Add field called Full CRL Issued By This CA

2020-12-02 Thread cli...--- via dev-security-policy
Hi Corey, From Apple’s perspective, the desire was first to have the field added to CCADB. From here, we’re planning on sending out a CA Communication notifying CAs that the field is available and requesting that CAs populate it. We are considering a requirement that Full CRLs be made

RE: CCADB Proposal: Add field called Full CRL Issued By This CA

2020-11-20 Thread Corey Bonnell via dev-security-policy
Wilson Sent: Thursday, November 19, 2020 6:14 PM To: Ryan Hurst ; Corey Bonnell Cc: Mozilla Subject: Re: CCADB Proposal: Add field called Full CRL Issued By This CA FWIW - Here is a recent post on this issue from JC Jones - https://github.com/mozilla/crlite/issues/43#issuecomment-726493990

Re: CCADB Proposal: Add field called Full CRL Issued By This CA

2020-11-20 Thread Ryan Hurst via dev-security-policy
On Thursday, November 19, 2020 at 3:13:58 PM UTC-8, Ben Wilson wrote: > FWIW - Here is a recent post on this issue from JC Jones - > https://github.com/mozilla/crlite/issues/43#issuecomment-726493990 > On Thu, Nov 19, 2020 at 4:00 PM Ryan Hurst via dev-security-policy < >

Re: CCADB Proposal: Add field called Full CRL Issued By This CA

2020-11-19 Thread Ben Wilson via dev-security-policy
FWIW - Here is a recent post on this issue from JC Jones - https://github.com/mozilla/crlite/issues/43#issuecomment-726493990 On Thu, Nov 19, 2020 at 4:00 PM Ryan Hurst via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Wednesday, November 18, 2020 at 8:26:50 PM UTC-8,

Re: CCADB Proposal: Add field called Full CRL Issued By This CA

2020-11-19 Thread Ryan Hurst via dev-security-policy
On Wednesday, November 18, 2020 at 8:26:50 PM UTC-8, Ryan Sleevi wrote: > On Wed, Nov 18, 2020 at 7:57 PM Ryan Hurst via dev-security-policy < > dev-secur...@lists.mozilla.org> wrote: > > > Kathleen, > > > > This introduces an interesting question, how might Mozilla want to see > > partial

Re: CCADB Proposal: Add field called Full CRL Issued By This CA

2020-11-19 Thread Corey Bonnell via dev-security-policy
Hi Kathleen, Thank you for posting the notification concerning the update to CCADB. I have a follow-up question: in the discussion captured in https://github.com/mozilla/pkipolicy/issues/218, it appears that there's a desire for CAs to produce and publish complete CRLs for end-entity

Re: CCADB Proposal: Add field called Full CRL Issued By This CA

2020-11-18 Thread Ryan Sleevi via dev-security-policy
On Wed, Nov 18, 2020 at 7:57 PM Ryan Hurst via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Kathleen, > > This introduces an interesting question, how might Mozilla want to see > partial CRLs be discoverable? Of course, they are pointed to by the > associated CRLdp but is

Re: CCADB Proposal: Add field called Full CRL Issued By This CA

2020-11-18 Thread Ryan Hurst via dev-security-policy
On Wednesday, November 18, 2020 at 3:07:32 PM UTC-8, Kathleen Wilson wrote: > All, > > The following changes have been made in the CCADB: > > On Intermediate Cert pages: > - Renamed section heading ‘Revocation Information’ to ‘Revocation > Information for this Certificate’ > - Added section

Re: CCADB Proposal: Add field called Full CRL Issued By This CA

2020-11-18 Thread Kathleen Wilson via dev-security-policy
All, The following changes have been made in the CCADB: On Intermediate Cert pages: - Renamed section heading ‘Revocation Information’ to ‘Revocation Information for this Certificate’ - Added section called ‘Pertaining to Certificates Issued by this CA’ - Added 'Full CRL Issued By This CA'