Re: Root Store Policy Suggestion

2021-01-28 Thread Burton via dev-security-policy
On Thu, Jan 28, 2021 at 7:33 PM Ryan Sleevi wrote: > > > On Thu, Jan 28, 2021 at 1:32 PM Burton wrote: > >> Hi Ryan, >> >> The answer to your questions. >> >> A remediation plan is only useful in cases of slight CA non-compliance to >> the rules set forth by the root store policy. >> >> A

Re: Root Store Policy Suggestion

2021-01-28 Thread Ryan Sleevi via dev-security-policy
On Thu, Jan 28, 2021 at 1:32 PM Burton wrote: > Hi Ryan, > > The answer to your questions. > > A remediation plan is only useful in cases of slight CA non-compliance to > the rules set forth by the root store policy. > > A remediation plans in cases of slight CA non-compliance provides >

Re: Root Store Policy Suggestion

2021-01-28 Thread Burton via dev-security-policy
Hi Ryan, The answer to your questions. A remediation plan is only useful in cases of slight CA non-compliance to the rules set forth by the root store policy. A remediation plans in cases of slight CA non-compliance provides assurance of CA commitment to compliance. A CA under investigation of

Re: Root Store Policy Suggestion

2021-01-27 Thread Burton via dev-security-policy
Hi Ryan, These are good questions! I'll get back to you tomorrow with the answers to your questions. I want to research and give you the right information. Thank you Burton On Wed, Jan 27, 2021 at 7:54 PM Ryan Sleevi wrote: > > > On Wed, Jan 27, 2021 at 2:45 PM Burton wrote: > >> I included

Re: Root Store Policy Suggestion

2021-01-27 Thread Ryan Sleevi via dev-security-policy
On Wed, Jan 27, 2021 at 2:45 PM Burton wrote: > I included the remediation plan in the proposal because a CA will mostly > always include a remediation plan when they reach the stage of serious > non-compliance investigation by root store policy owners. > Sure, but I was more asking: are you

Re: Root Store Policy Suggestion

2021-01-27 Thread Burton via dev-security-policy
Hi Ryan, I included the remediation plan in the proposal because a CA will mostly always include a remediation plan when they reach the stage of serious non-compliance investigation by root store policy owners. The first remediation plan is always a draft version as it's updated as the discussion

Re: Root Store Policy Suggestion

2021-01-27 Thread Ryan Sleevi via dev-security-policy
On Wed, Jan 27, 2021 at 10:11 AM Burton wrote: > Hello, > > The Mozilla root store policy should include a section that sets out time > limit periods in numbered stages for non-compliance CA discussions. That > way everything is fair, can't be disputed and everyone knows when the > discussion of