Re: Context on Certificate Policies

6 views
Skip to first unread message

Hubert Chao

unread,
Jun 10, 2024, 7:54:59 PM6/10/24
to Celeste Pan, ma...@chromium.org, Erik Anderson, Brandon Maslen, chrome-secur...@chromium.org

On Mon, Jun 10, 2024 at 2:24 PM Celeste Pan <celes...@microsoft.com> wrote:
Hi Hubert and Matt,

I hope this email finds you well!  We noticed some new certificate-related policies in Chromium in this folder: CertificateManagement - Chromium Code Search, but since they're marked as "future" policies, we're not sure what the envisioned use case is for them.
We are hoping you can share some context on the intended use cases for these policies. Do you have some specific enterprise scenarios requesting controls like this?

Best,
Celeste

David Adrian

unread,
Jun 11, 2024, 9:17:16 AM6/11/24
to Hubert Chao, Celeste Pan, ma...@chromium.org, Erik Anderson, Brandon Maslen, chrome-secur...@chromium.org
I think the policies are fairly self-explanatory. The intended use case is (root) certificate management, which is broadly applicable to many enterprises and many use cases. They are marked as future until they are ready for release on all platforms.

If you have specific questions about how they work or what they do, happy to answer.


--
You received this message because you are subscribed to the Google Groups "chrome-secure-web-and-net" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chrome-secure-web-...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chrome-secure-web-and-net/CAGTM%2B7gLHvWt%3Dzup3eEZ1RTOm1wL-N7zYJGJ18RZ4sZkuV2iGw%40mail.gmail.com.
For more options, visit https://groups.google.com/a/chromium.org/d/optout.

Erik Anderson

unread,
Jun 11, 2024, 9:51:45 PM6/11/24
to David Adrian, Hubert Chao, Celeste Pan, ma...@chromium.org, Brandon Maslen, chrome-secur...@chromium.org

Hi,

 

I agree the descriptions are sufficient to understand what they do.

 

The question was more about motivation—the goal is to enable further decoupling from the OS root store, correct? We were hoping to understand if there was anything more nuanced than, “give me consistent cross-platform policies for managing Chrome.” For example, I could imagine maybe you’ve had customers request the ability to install a root to the OS store but they want to do so in a way that doesn’t affect the browser.

 

Given we’re not actively getting similar requests (at least, not that I’m aware of), we wanted to check if we were missing anything.

 

If the answer is, “we’ve have requests but are not willing to share more than that,” that’s fine too. Thanks for the quick response either way!

 

Thanks,

Erik

David Adrian

unread,
Jun 12, 2024, 9:57:55 AM6/12/24
to Erik Anderson, Hubert Chao, Celeste Pan, ma...@chromium.org, Brandon Maslen, chrome-secur...@chromium.org
We have requests for browser-but-not-OS, OS-but-not-browser, and consistent cross-platform policies.

I don't think we can share more than that.
Reply all
Reply to author
Forward
0 new messages