Groups
Sign in
Groups
dev-security-policy@mozilla.org
Conversations
About
Send feedback
Help
dev-security-policy@mozilla.org
Contact owners and managers
1–30 of 260
Welcome to the dev-security-policy group in which we discuss security-related policies, governance, and related topics; including discussion of
Mozilla’s Root Store Policy
and the
NSS root certificate store
.
Mailing List:
dev-security-policy@mozilla.or
g
Web:
https://groups.google.com/a/mo
zilla.org/g/dev-security-polic
y
Subscribe by using the button "Ask to join group" and complete the box "Reason for joining".
Membership requests must provide context for your interest in joining the group. Requests without this information will be rejected.
Participation Guidelines:
https://www.mozilla.org/about/
governance/policies/participat
ion/
Participants:
https://wiki.mozilla.org/CA/Po
licy_Participants
Unsubscribe by sending email to:
dev-security-policy+unsubscrib
e@mozilla.org
Previous archives (2009-2021):
https://groups.google.com/g/mo
zilla.dev.security.policy
RSS feed:
https://www.mail-archive.com/d
ev-security-policy@mozilla.org
/maillist.xml
Mark all as read
Report group
0 selected
Ben Wilson
, …
Mike Shaver
70
Jul 1
Recent Entrust Compliance Incidents
All, We want to thank everybody who has participated in the discussion for their detailed reviews of
unread,
Recent Entrust Compliance Incidents
All, We want to thank everybody who has participated in the discussion for their detailed reviews of
Jul 1
Ben Wilson
Jun 30
Draft "Lessons Learned" Wiki Page – Seeking Feedback
Dear Mozilla Community, I am pleased to announce the publication of a new resource aimed at enhancing
unread,
Draft "Lessons Learned" Wiki Page – Seeking Feedback
Dear Mozilla Community, I am pleased to announce the publication of a new resource aimed at enhancing
Jun 30
Mike Shaver
, …
Tyrel
9
Jun 27
Mozilla delayed revocation incident expectations
Mike, While the existence of the delayed revocation protocol might make delayed revocation seem more
unread,
Mozilla delayed revocation incident expectations
Mike, While the existence of the delayed revocation protocol might make delayed revocation seem more
Jun 27
Arabella Barks
, …
Alvin Wang
9
Jun 26
iPAddress certificate bypass DCV on port 80 or 443? Does it compliant BR?
Wang, Thank you for your clarification, and responsible attitude, Our community can be sure that
unread,
iPAddress certificate bypass DCV on port 80 or 443? Does it compliant BR?
Wang, Thank you for your clarification, and responsible attitude, Our community can be sure that
Jun 26
Ben Wilson
, …
Wayne
4
Jun 25
Proposal for a 24-hour pause in Entrust Discussion
Hi Wayne, Thank you for your question. I was thinking that the pause would apply to all emails under
unread,
Proposal for a 24-hour pause in Entrust Discussion
Hi Wayne, Thank you for your question. I was thinking that the pause would apply to all emails under
Jun 25
Watson Ladd
,
Aaron Gable
2
Jun 18
Fwd: Revocation necessity: subjective or objective
You were able to successfully post to pub...@ccadb.org: https://groups.google.com/a/ccadb.org/g/
unread,
Fwd: Revocation necessity: subjective or objective
You were able to successfully post to pub...@ccadb.org: https://groups.google.com/a/ccadb.org/g/
Jun 18
Aaron Gable
, …
Wayne
5
Jun 14
Handling of inconsistencies between BRs, CPs, and CPSes
On Friday, June 14, 2024 at 6:54:03 PM UTC+1 Aaron Gable wrote: On Fri, Jun 14, 2024 at 9:44 AM Wayne
unread,
Handling of inconsistencies between BRs, CPs, and CPSes
On Friday, June 14, 2024 at 6:54:03 PM UTC+1 Aaron Gable wrote: On Fri, Jun 14, 2024 at 9:44 AM Wayne
Jun 14
Ben Wilson
, …
e-commerce monitoring
19
Jun 14
Public Discussion of Acquisition of e-commerce monitoring GmbH by AUSTRIA CARD-Plastikkarten und Ausweissysteme GmbH
As you might know, browsers have decided to remove e-commerce monitoring GmbH (ECM) with its Root
unread,
Public Discussion of Acquisition of e-commerce monitoring GmbH by AUSTRIA CARD-Plastikkarten und Ausweissysteme GmbH
As you might know, browsers have decided to remove e-commerce monitoring GmbH (ECM) with its Root
Jun 14
Ben Wilson
, …
e-commerce monitoring
15
Jun 14
Distrust dates for GLOBALTRUST 2020 CA
As you might know, browsers have decided to remove e-commerce monitoring GmbH (ECM) with its Root
unread,
Distrust dates for GLOBALTRUST 2020 CA
As you might know, browsers have decided to remove e-commerce monitoring GmbH (ECM) with its Root
Jun 14
Mike Shaver
, …
Amir Omidi (aaomidi)
19
Jun 13
when do things really need to be revoked? who decides?
On Mon, Jun 10, 2024 at 11:06 AM Tyrel <tmcque...@gmail.com> wrote: Since it has come up in
unread,
when do things really need to be revoked? who decides?
On Mon, Jun 10, 2024 at 11:06 AM Tyrel <tmcque...@gmail.com> wrote: Since it has come up in
Jun 13
Ben Wilson
,
Tim Hollebeek
2
Jun 5
Help Improve the Mozilla Root Store Policy
This doesn't apply to the parts of Mozilla policy that aren't certificate policy, but to the
unread,
Help Improve the Mozilla Root Store Policy
This doesn't apply to the parts of Mozilla policy that aren't certificate policy, but to the
Jun 5
Ben Wilson
Jun 5
Phasing out Legacy S/MIME Certificates
All, The Mozilla Root Store Policy incorporates the CA/B Forum's S/MIME Baseline Requirements (
unread,
Phasing out Legacy S/MIME Certificates
All, The Mozilla Root Store Policy incorporates the CA/B Forum's S/MIME Baseline Requirements (
Jun 5
Ben Wilson
, …
Hao-Chun Li
5
Jun 5
Approval of Taiwan CA's Root Inclusion Request
Hi Matt, Our replies are inline below. 2024年6月5日水曜日 8:57:16 UTC+8 Matt Palmer: On Tue, Jun 04, 2024
unread,
Approval of Taiwan CA's Root Inclusion Request
Hi Matt, Our replies are inline below. 2024年6月5日水曜日 8:57:16 UTC+8 Matt Palmer: On Tue, Jun 04, 2024
Jun 5
Wayne
, …
Yu Rollin
8
Jun 1
Mozilla Root Policy: ECC Curves and Signature Length (Mass Certificate Problem Report)
Agreed with Amir, if the public key of the issuer certificate is ECDSA P-384, then the signed
unread,
Mozilla Root Policy: ECC Curves and Signature Length (Mass Certificate Problem Report)
Agreed with Amir, if the public key of the issuer certificate is ECDSA P-384, then the signed
Jun 1
Amir Omidi (aaomidi)
, …
Wayne
7
May 30
Vulnurability Disclosure - How does it happen?
To bring this discussion back up what is the required impact for disclosure? To move the discussion
unread,
Vulnurability Disclosure - How does it happen?
To bring this discussion back up what is the required impact for disclosure? To move the discussion
May 30
Mike Shaver
May 22
subscriber certificate agility KYC for CAs
I wanted to elaborate on a piece of my last message, specifically around issuance of certificates for
unread,
subscriber certificate agility KYC for CAs
I wanted to elaborate on a piece of my last message, specifically around issuance of certificates for
May 22
Wayne
May 22
CA Incident Response and Delayed Revocation Correspondence
Given all of the discussion on delayed revocation the past few months I was thinking it would be
unread,
CA Incident Response and Delayed Revocation Correspondence
Given all of the discussion on delayed revocation the past few months I was thinking it would be
May 22
Mike Shaver
,
Ben Wilson
2
May 6
comment on Entrust_Issues wiki page
All, I hadn't announced this page yet, hoping to reference it in an email currently undergoing
unread,
comment on Entrust_Issues wiki page
All, I hadn't announced this page yet, hoping to reference it in an email currently undergoing
May 6
Felix Linker
,
Andrew Ayer
3
May 3
CT Log Inclusion check: get-entry-and-proof unexpectedly returns "Not found"
Thanks for the pointer, Andrew! Best, Felix On 3 May 2024, at 00:29, Andrew Ayer <agwa@andrewayer.
unread,
CT Log Inclusion check: get-entry-and-proof unexpectedly returns "Not found"
Thanks for the pointer, Andrew! Best, Felix On 3 May 2024, at 00:29, Andrew Ayer <agwa@andrewayer.
May 3
Mike Shaver
, …
Andrew Ayer
5
May 2
evaluation of aggregate behaviour for CAs
Oh, I feel dumb for not searching the old Google group, considering that I used to subscribe to it.
unread,
evaluation of aggregate behaviour for CAs
Oh, I feel dumb for not searching the old Google group, considering that I used to subscribe to it.
May 2
Wayne
,
Mike Shaver
3
Apr 27
CA Incident Transparency and Public Audits
Thanks, Wayne. I think this sort of analysis is quite valuable for constructing a reliable history of
unread,
CA Incident Transparency and Public Audits
Thanks, Wayne. I think this sort of analysis is quite valuable for constructing a reliable history of
Apr 27
Amir Omidi (aaomidi)
, …
David Adrian
4
Apr 22
Question about a random certificate I've found on CT
Thanks all! On Mon, Apr 22, 2024 at 7:05 AM 'David Adrian' via dev-security-policy@mozilla.
unread,
Question about a random certificate I've found on CT
Thanks all! On Mon, Apr 22, 2024 at 7:05 AM 'David Adrian' via dev-security-policy@mozilla.
Apr 22
Ben Wilson
Mar 25
Approval of Firmaprofesional CA Root-A Web
All, Public discussion regarding inclusion of the Firmaprofesional CA ROOT-A WEB began on the CCADB
unread,
Approval of Firmaprofesional CA Root-A Web
All, Public discussion regarding inclusion of the Firmaprofesional CA ROOT-A WEB began on the CCADB
Mar 25
Kathleen Wilson
, …
Marcel Levy
8
Mar 4
Retirement Announcement & Thank You!
Kathleen, Thank you for your work, and for creating a tool that's helped make the world a bit
unread,
Retirement Announcement & Thank You!
Kathleen, Thank you for your work, and for creating a tool that's helped make the world a bit
Mar 4
Suchan Seo
, …
Corey Bonnell
5
Feb 21
OCSP responde for serial number that exist but out of scope of OCSP reponder?
I agree with Aaron's assessment. In addition to the reasons from a compliance standpoint that
unread,
OCSP responde for serial number that exist but out of scope of OCSP reponder?
I agree with Aaron's assessment. In addition to the reasons from a compliance standpoint that
Feb 21
Kathleen Wilson
32
Feb 20
Audit Reminder Email Summary - Intermediate Certificates
-------- Forwarded Message -------- Subject: Summary of February 2024 Outdated Audit Statements for
unread,
Audit Reminder Email Summary - Intermediate Certificates
-------- Forwarded Message -------- Subject: Summary of February 2024 Outdated Audit Statements for
Feb 20
Kathleen Wilson
, …
Matthias van de Meent
39
Feb 20
Audit Reminder Email Summary - Root Certificates
-------- Forwarded Message -------- Subject: Summary of February 2024 Audit Reminder Emails Date: Tue
unread,
Audit Reminder Email Summary - Root Certificates
-------- Forwarded Message -------- Subject: Summary of February 2024 Audit Reminder Emails Date: Tue
Feb 20
Tavis Ormandy
, …
Corey Bonnell
17
Feb 15
BR revocation question
Hi Aaron, > A date no more than 12 months beyond thisUpdate. The acceptable validity intervals do
unread,
BR revocation question
Hi Aaron, > A date no more than 12 months beyond thisUpdate. The acceptable validity intervals do
Feb 15
Hanno Böck
, …
Tobias S. Josefowitz
3
Jan 18
Shared wildcard certificate in EV chargers
On Wed, Jan 17, 2024 at 3:51 PM Xiaohui Lam <inao...@gmail.com> wrote: > > This is a
unread,
Shared wildcard certificate in EV chargers
On Wed, Jan 17, 2024 at 3:51 PM Xiaohui Lam <inao...@gmail.com> wrote: > > This is a
Jan 18
Peter Mate Erdosi
,
Corey Bonnell
3
Jan 16
Compliance question about OCSP responder certificates
Thank you Corey, I found it! https://cabforum.org/2023/03/17/ballot-sc62v2-certificate-profiles-
unread,
Compliance question about OCSP responder certificates
Thank you Corey, I found it! https://cabforum.org/2023/03/17/ballot-sc62v2-certificate-profiles-
Jan 16