dev-security-policy@mozilla.org

Contact owners and managers

1–30 of 241

Welcome to the dev-security-policy group in which we discuss security-related policies, governance, and related topics; including discussion of Mozilla’s Root Store Policy and the NSS root certificate store.

Mailing List: dev-security-policy@mozilla.org
Web: https://groups.google.com/a/mozilla.org/g/dev-security-policy
Subscribe by using the button "Ask to join group" and complete the box "Reason for joining". Membership requests must provide context for your interest in joining the group. Requests without this information will be rejected.
Participation Guidelines: https://www.mozilla.org/about/governance/policies/participation/
Participants: https://wiki.mozilla.org/CA/Policy_Participants
Unsubscribe by sending email to: dev-security-policy+unsubscribe@mozilla.org
Previous archives (2009-2021): https://groups.google.com/g/mozilla.dev.security.policy
RSS feed: https://www.mail-archive.com/dev-security-policy@mozilla.org/maillist.xml

0 selected

Ben Wilson, … Amir Omidi (aaomidi)9

Apr 26

Public Discussion of Acquisition of e-commerce monitoring GmbH by AUSTRIA CARD-Plastikkarten und Ausweissysteme GmbH

Did you ever hear from them? On Tuesday, March 5, 2024 at 11:18:13 AM UTC-5 Ben Wilson wrote: All,

unread,

Public Discussion of Acquisition of e-commerce monitoring GmbH by AUSTRIA CARD-Plastikkarten und Ausweissysteme GmbH

Did you ever hear from them? On Tuesday, March 5, 2024 at 11:18:13 AM UTC-5 Ben Wilson wrote: All,

Apr 26

Apr 24

CA Incident Transparency and Public Audits

Hello, I've been watching the Entrust saga of issues over the past month and keeping an eye on

unread,

CA Incident Transparency and Public Audits

Hello, I've been watching the Entrust saga of issues over the past month and keeping an eye on

Apr 24

Amir Omidi (aaomidi), … David Adrian4

Apr 22

Question about a random certificate I've found on CT

Thanks all! On Mon, Apr 22, 2024 at 7:05 AM 'David Adrian' via dev-security-policy@mozilla.

unread,

Question about a random certificate I've found on CT

Thanks all! On Mon, Apr 22, 2024 at 7:05 AM 'David Adrian' via dev-security-policy@mozilla.

Apr 22

Mar 25

Approval of Firmaprofesional CA Root-A Web

All, Public discussion regarding inclusion of the Firmaprofesional CA ROOT-A WEB began on the CCADB

unread,

Approval of Firmaprofesional CA Root-A Web

All, Public discussion regarding inclusion of the Firmaprofesional CA ROOT-A WEB began on the CCADB

Mar 25

Kathleen Wilson, … Marcel Levy8

Mar 4

Retirement Announcement & Thank You!

Kathleen, Thank you for your work, and for creating a tool that's helped make the world a bit

unread,

Retirement Announcement & Thank You!

Kathleen, Thank you for your work, and for creating a tool that's helped make the world a bit

Mar 4

Suchan Seo, … Corey Bonnell5

Feb 21

OCSP responde for serial number that exist but out of scope of OCSP reponder?

I agree with Aaron's assessment. In addition to the reasons from a compliance standpoint that

unread,

OCSP responde for serial number that exist but out of scope of OCSP reponder?

I agree with Aaron's assessment. In addition to the reasons from a compliance standpoint that

Feb 21

Kathleen Wilson32

Feb 20

Audit Reminder Email Summary - Intermediate Certificates

-------- Forwarded Message -------- Subject: Summary of February 2024 Outdated Audit Statements for

unread,

Audit Reminder Email Summary - Intermediate Certificates

-------- Forwarded Message -------- Subject: Summary of February 2024 Outdated Audit Statements for

Feb 20

Kathleen Wilson, … Matthias van de Meent39

Feb 20

Audit Reminder Email Summary - Root Certificates

-------- Forwarded Message -------- Subject: Summary of February 2024 Audit Reminder Emails Date: Tue

unread,

Audit Reminder Email Summary - Root Certificates

-------- Forwarded Message -------- Subject: Summary of February 2024 Audit Reminder Emails Date: Tue

Feb 20

Tavis Ormandy, … Corey Bonnell17

Feb 15

BR revocation question

Hi Aaron, > A date no more than 12 months beyond thisUpdate. The acceptable validity intervals do

unread,

BR revocation question

Hi Aaron, > A date no more than 12 months beyond thisUpdate. The acceptable validity intervals do

Feb 15

Hanno Böck, … Tobias S. Josefowitz3

Jan 18

Shared wildcard certificate in EV chargers

On Wed, Jan 17, 2024 at 3:51 PM Xiaohui Lam <inao...@gmail.com> wrote: > > This is a

unread,

Shared wildcard certificate in EV chargers

On Wed, Jan 17, 2024 at 3:51 PM Xiaohui Lam <inao...@gmail.com> wrote: > > This is a

Jan 18

Peter Mate Erdosi, Corey Bonnell3

Jan 16

Compliance question about OCSP responder certificates

Thank you Corey, I found it! https://cabforum.org/2023/03/17/ballot-sc62v2-certificate-profiles-

unread,

Compliance question about OCSP responder certificates

Thank you Corey, I found it! https://cabforum.org/2023/03/17/ballot-sc62v2-certificate-profiles-

Jan 16

Jan Schaumann, … Matthew Hardeman4

Jan 12

known bad certs blocklist

I also was going to point out that these are probably [at least] three different concepts: 1. There

unread,

known bad certs blocklist

I also was going to point out that these are probably [at least] three different concepts: 1. There

Jan 12

Ben Wilson, … Roman Fischer7

Jan 4

Improvements to Vulnerability Disclosure wiki page

Thanks, Roman I have added "Email Address / Group Distribution List" as a clarification.

unread,

Improvements to Vulnerability Disclosure wiki page

Thanks, Roman I have added "Email Address / Group Distribution List" as a clarification.

Jan 4

Jan 3

Deutsche Telekom Security's Root Inclusion Request

All, Public discussion began on the CCADB Public List on Nov. 1, 2023 (https://groups.google.com/a/

unread,

Deutsche Telekom Security's Root Inclusion Request

All, Public discussion began on the CCADB Public List on Nov. 1, 2023 (https://groups.google.com/a/

Jan 3

Jan 2

S/MIME BR Transition Wiki Page

All, I am editing the S/MIME Baseline Requirements transition guidance wiki page (https://wiki.

unread,

S/MIME BR Transition Wiki Page

All, I am editing the S/MIME Baseline Requirements transition guidance wiki page (https://wiki.

Jan 2

12/19/23

D-Trust Inclusion Request (Email Trust Bit)

All, Public discussion concluded last Friday, Dec. 15, on the CCADB Public List, for D-Trust's

unread,

D-Trust Inclusion Request (Email Trust Bit)

All, Public discussion concluded last Friday, Dec. 15, on the CCADB Public List, for D-Trust's

12/19/23

Amir Omidi (aaomidi)

12/18/23

e-commerce monitoring GmbH and at what point does a CA get distrusted

Hi all, I am hoping to get some root program perspectives on this incident: https://bugzilla.mozilla.

unread,

e-commerce monitoring GmbH and at what point does a CA get distrusted

Hi all, I am hoping to get some root program perspectives on this incident: https://bugzilla.mozilla.

12/18/23

Phil Porada, … Dana Keeler25

12/18/23

Let's Encrypt New Intermediate Certificates

Just a minor nit here, talking about "pinning roots" is a bit of an oxymoron because they

unread,

Let's Encrypt New Intermediate Certificates

Just a minor nit here, talking about "pinning roots" is a bit of an oxymoron because they

12/18/23

Aaron Gable, … Ryan Hurst6

12/1/23

CP/CPS intra-document cross-references

Having read more, CP/CPS is in my life, and I cared to admit to it is my opinion that better to not

unread,

CP/CPS intra-document cross-references

Having read more, CP/CPS is in my life, and I cared to admit to it is my opinion that better to not

12/1/23

10/17/23

Updated Incident Reporting Requirements

All, The framework for reporting compliance incidents has been updated on the CCADB website. See

unread,

Updated Incident Reporting Requirements

All, The framework for reporting compliance incidents has been updated on the CCADB website. See

10/17/23

10/13/23

Intent to Approve Commscope's CA Inclusion Request

All, We recently concluded a 6-week public discussion on the CCADB list of the request for inclusion

unread,

Intent to Approve Commscope's CA Inclusion Request

All, We recently concluded a 6-week public discussion on the CCADB list of the request for inclusion

10/13/23

9/27/23

MRSP 2.9: Survey Results - August 2023 CA Communication and Survey

Here are summaries of questions and comments and our responses. Summary of Questions or Concerns

unread,

MRSP 2.9: Survey Results - August 2023 CA Communication and Survey

Here are summaries of questions and comments and our responses. Summary of Questions or Concerns

9/27/23

Kathleen Wilson2

9/20/23

Ownership change for Mozilla CA Certificate Policy module

The module ownership has been updated. https://wiki.mozilla.org/Modules/All#Governance_Sub_Modules

unread,

Ownership change for Mozilla CA Certificate Policy module

The module ownership has been updated. https://wiki.mozilla.org/Modules/All#Governance_Sub_Modules

9/20/23

9/18/23

Blog Post About Mozilla Root Store Policy Version 2.9

All, Recently, I posted on the Mozilla Security Blog a brief overview of updates to the Mozilla Root

unread,

Blog Post About Mozilla Root Store Policy Version 2.9

All, Recently, I posted on the Mozilla Security Blog a brief overview of updates to the Mozilla Root

9/18/23

8/29/23

MRSP 2.9: Draft CA Communication and Survey

All, This August 2023 CA Communication and Survey was sent out to CAs already in our program last

unread,

MRSP 2.9: Draft CA Communication and Survey

All, This August 2023 CA Communication and Survey was sent out to CAs already in our program last

8/29/23

Tim Hollebeek, Aaron Poulsen2

8/18/23

Mozilla Policy 2.9, section 3.1.4 and CCADB policy section 5.1

I do not feel this point it nitpicky. Externally-referenced documents increase the compliance burden

unread,

Mozilla Policy 2.9, section 3.1.4 and CCADB policy section 5.1

I do not feel this point it nitpicky. Externally-referenced documents increase the compliance burden

8/18/23

Ben Wilson, … Christophe Bonjean8

8/18/23

MRSP 2.9: S/MIME BRs and Audits

All, The language decided upon for item 3 of MRSP section 1.1 (Scope of MRSP for end entity

unread,

MRSP 2.9: S/MIME BRs and Audits

All, The language decided upon for item 3 of MRSP section 1.1 (Scope of MRSP for end entity

8/18/23

8/18/23

MRSP 2.9: Issues 261, 263 and 267, Miscellaneous Clarifications and Corrections

All, I don't believe we received any comments or questions, and the proposed changes have been

unread,

MRSP 2.9: Issues 261, 263 and 267, Miscellaneous Clarifications and Corrections

All, I don't believe we received any comments or questions, and the proposed changes have been

8/18/23

8/18/23

MRSP 2.9: Issue #250: Clarify MRSP 5.3.2 to expressly include revoked CA certificates

All, Here is the currently proposed language for the first paragraph of MRSP section 5.3.2: The

unread,

MRSP 2.9: Issue #250: Clarify MRSP 5.3.2 to expressly include revoked CA certificates

All, Here is the currently proposed language for the first paragraph of MRSP section 5.3.2: The

8/18/23

Ben Wilson, Pedro Fuentes5

8/18/23

MRSP 2.9: Issue #239: Audit Statement Content

All, In response to Tim Hollebeek's recent email on this topic (https://groups.google.com/a/

unread,

MRSP 2.9: Issue #239: Audit Statement Content

All, In response to Tim Hollebeek's recent email on this topic (https://groups.google.com/a/

8/18/23

Search

Clear search

Close search

Google apps

Main menu