dev-security-policy@mozilla.org
Welcome to the dev-security-policy group in which we discuss security-related policies, governance, and related topics; including discussion of Mozilla’s Root Store Policy and the NSS root certificate store.
Mailing List: dev-security-policy@mozilla.org
Web: https://groups.google.com/a/mozilla.org/g/dev-security-policy
Subscribe by using the button "Ask to join group" and complete the box "Reason for joining".
Membership requests must provide context for your interest in joining the group. Requests without this information will be rejected.
Participation Guidelines: https://www.mozilla.org/about/governance/policies/participation/
Participants: https://wiki.mozilla.org/CA/Policy_Participants
Unsubscribe by sending email to: dev-security-policy+unsubscribe@mozilla.org
Previous archives (2009-2021): https://groups.google.com/g/mozilla.dev.security.policy
RSS feed: https://www.mail-archive.com/dev-security-policy@mozilla.org/maillist.xml
Ben Wilson
Nov 20
Fwd: Further Improving the CCADB Incident Reporting Guidelines (FEEDBACK REQUESTED)
All, Forwarding here - please see below. Comments can be provided preferably on GitHub or on the
M THUG, … Dana Keeler (7)
Nov 18
Reg : Inquiry Regarding Removal of Certificates with Specific SHA1 Fingerprints
Note that that certificate was not removed from NSS, but rather had its trust bits edited so that it
Matt Palmer, … Amir Omidi (6)
Nov 10
The Pwnedkeys Revokinator is back!
On Sun, Nov 10, 2024 at 06:19:50PM -0500, Amir Omidi wrote: > Trying to understand why signing
Aaron Gable, … Matt Palmer (12)
Nov 2
Assuming keyCompromise for unspecified-reason revocations
On Fri, Nov 01, 2024 at 06:47:54PM -0500, Jaime Hablutzel wrote: > > On 1 Nov 2024, at 7:28 AM,
Peter Gutmann, … Rob Stradling (22)
Oct 30
Standard PKC Test Keys
Matt Palmer <mpa...@hezmatt.org> writes: >Well, I don't know if it's actually all
Rob Stradling, … Matthew McPherrin (5)
Oct 17
Certificate Transparency enforcement in Firefox
I see you've landed a patch changing 12 to 10 weeks: https://bugzilla.mozilla.org/show_bug.cgi?id
Ben Wilson (2)
Oct 7
MRSP 3.0: Candidate Issues for MRSP v. 3.0
All, Please also consider the addition of GitHub Issue #283 to the list of issues that we would like
Ben Wilson, … Matt Palmer (17)
Oct 1
Proposal for an Interim Policy to Address Delayed Revocation
On Tue, Oct 01, 2024 at 12:26:08PM +0000, Sandy Balzer wrote: > Dear Ben, > > Thanks a lot
Hanno Böck, … Amir Omidi (11)
Sep 16
IANA whois information
A ballot has been introduced removing these problematic DCV methods: https://lists.cabforum.org/
Tyrel, … Wayne (11)
Sep 13
Sources of Domain Contact Information?
Perhaps the many CAs who are not using WHOIS would be able to help. If they were impacted, when would
Q Misell
Sep 13
UK VAT Groups and subject:organizationIdentifier
Hi all, Following on from discoveries in Bugzilla on the non-uniqueness of subject:
Watson Ladd, Suchan Seo (2)
Sep 12
Aberrant bits in certificates (location edition)
sent it as private message by mistake, writing it again; there is possibility of someone else
Stephen Davidson
Sep 4
Multi Perspective Issuance Corroboration (MPIC) for S/MIME
The S/MIME Certificate Working Group (SMCWG) of the CA/Browser Forum is considering a change to the S
Tim Hollebeek, … Tobias S. Josefowitz (37)
Aug 13
Feasibility of a binding commitment to revoke before issuance
On Fri, 9 Aug 2024, moz...@eigenvector.org.uk wrote: > The point of the Web PKI is to convey a
Jesper Kristensen, Walt (2)
Aug 10
Support for quick certificate replacement in subscriber tooling
Caddy absolutely does support ARI as of 2.8.0. I'd argue that it also doesn't need to try to
Ben Wilson, … Wayne (93)
Aug 5
Recent Entrust Compliance Incidents
Hi Matt, You answered my thoughts on BR applicability in your last paragraph. I don't mean to say
Watson Ladd, … Amir Omidi (5)
Aug 1
Lawyers, (no) Guns, and Money and the CA system
There is an argument to be made that every other CA should definitely look into their legal playbooks
Ben Wilson, … Bruce Morton (3)
Jul 31
Mozilla's Decision on Entrust's Root CA Certificates used for TLS
Ben, we are disappointed by this decision but want to reaffirm Entrust's commitment to continued
Rob Stradling, … Mike Shaver (5)
Jul 30
pkimetal - A PKI Meta-Linter
Hi Ben. I forget exactly what prompt I gave the image generator, but it's supposed to be a
Ben Wilson
Jul 24
Reminder: Mozilla's Community Participation Guidelines and Bugzilla Etiquette
Dear Community Members, As part of our ongoing commitment to fostering a respectful and productive
Ben Wilson (2)
Jul 16
Phasing out Legacy S/MIME Certificates
Greetings, I am writing to you as a reminder regarding future compliance of S/MIME certificates with
Ben Wilson, … Mitsuyoshi Tamura (8)
Jul 11
Intent to Approve Cybertrust / JCSI Japan Root Inclusions
Thanks for reconfirming. I should have noted in my initial post that these three roots are just for
Ryan Hurst
Jul 8
Disclosure of Advisory Role with Entrust
Community, I wanted to inform you that I've taken on another advisory role, this time with
Ben Wilson, … Hao-Chun Li (6)
Jul 8
Approval of Taiwan CA's Root Inclusion Request
All, We appreciate the feedback and active participation from the community. After careful
Ben Wilson
Jun 30
Draft "Lessons Learned" Wiki Page – Seeking Feedback
Dear Mozilla Community, I am pleased to announce the publication of a new resource aimed at enhancing
Mike Shaver, … Tyrel (9)
Jun 27
Mozilla delayed revocation incident expectations
Mike, While the existence of the delayed revocation protocol might make delayed revocation seem more
Arabella Barks, … Alvin Wang (9)
Jun 26
iPAddress certificate bypass DCV on port 80 or 443? Does it compliant BR?
Wang, Thank you for your clarification, and responsible attitude, Our community can be sure that
Ben Wilson, … Wayne (4)
Jun 25
Proposal for a 24-hour pause in Entrust Discussion
Hi Wayne, Thank you for your question. I was thinking that the pause would apply to all emails under
Watson Ladd, Aaron Gable (2)
Jun 18
Fwd: Revocation necessity: subjective or objective
You were able to successfully post to pub...@ccadb.org: https://groups.google.com/a/ccadb.org/g/
Aaron Gable, … Wayne (5)
Jun 14
Handling of inconsistencies between BRs, CPs, and CPSes
On Friday, June 14, 2024 at 6:54:03 PM UTC+1 Aaron Gable wrote: On Fri, Jun 14, 2024 at 9:44 AM Wayne