dev-security-policy@mozilla.org

1–30 of 191

Welcome to the dev-security-policy group in which we discuss security-related policies, governance, and related topics; including discussion of Mozilla’s Root Store Policy and the NSS root certificate store.

Mailing List: dev-security-policy@mozilla.org
Web: https://groups.google.com/a/mozilla.org/g/dev-security-policy
Subscribe by sending email to: dev-security-policy+subscribe@mozilla.org. Membership requests must provide context for your interest in joining the group. Requests without this information will be rejected.
Unsubscribe by sending email to: dev-security-policy+unsubscribe@mozilla.org
Previous archives: https://groups.google.com/g/mozilla.dev.security.policy
RSS feed: https://www.mail-archive.com/dev-security-policy@mozilla.org/maillist.xml

0 selected

Ben Wilson, … BJCA6

Jan 26

Public Discussion re: Beijing CA (BJCA)

Thanks. Happy New Year. Sorry, the Spring Festival holiday delayed some time. BJCA separates and

unread,

Public Discussion re: Beijing CA (BJCA)

Thanks. Happy New Year. Sorry, the Spring Festival holiday delayed some time. BJCA separates and

Jan 26

Ben Wilson, … Roman Fischer29

Jan 25

Proposed Updates to MRSP to Address Root CA Life Cycles

All, I've posted this draft section 7.4 to the Mozilla wiki - https://wiki.mozilla.org/CA/

unread,

Proposed Updates to MRSP to Address Root CA Life Cycles

All, I've posted this draft section 7.4 to the Mozilla wiki - https://wiki.mozilla.org/CA/

Jan 25

Ben Wilson, Kurt Seifried4

Jan 24

MRSP Policy v. 2.8.1 Finalization

Hi, I haven't had anyone ask about the proposed effective date of this version 2.8.1. I don't

unread,

MRSP Policy v. 2.8.1 Finalization

Hi, I haven't had anyone ask about the proposed effective date of this version 2.8.1. I don't

Jan 24

Kathleen Wilson, … Jeffrey Walton5

Jan 23

spammers on MDSP

On Mon, Jan 23, 2023 at 12:33 PM Ben Wilson <bwi...@mozilla.com> wrote: > >

unread,

spammers on MDSP

On Mon, Jan 23, 2023 at 12:33 PM Ben Wilson <bwi...@mozilla.com> wrote: > >

Jan 23

Ben Wilson, … Clint Wilson14

Jan 23

Policy 2.8.1: MRSP Issue #256: Requirement that Partitioned CRLs include an Issuing Distribution Point extension

Hi Dimitris, The current expectation is described in the Apple Policy: Effective October 1, 2022, CA

unread,

Policy 2.8.1: MRSP Issue #256: Requirement that Partitioned CRLs include an Issuing Distribution Point extension

Hi Dimitris, The current expectation is described in the Apple Policy: Effective October 1, 2022, CA

Jan 23

Kathleen Wilson, … Matthias van de Meent26

Jan 18

Audit Reminder Email Summary - Root Certificates

-------- Forwarded Message -------- Subject: Summary of January 2023 Audit Reminder Emails Date: Tue,

unread,

Audit Reminder Email Summary - Root Certificates

-------- Forwarded Message -------- Subject: Summary of January 2023 Audit Reminder Emails Date: Tue,

Jan 18

Hanno Böck, … wael wael7

Jan 13

key with suspicious pattern

في الخميس، 15 ديسمبر 2022 في تمام الساعة 11:37:27 م UTC+2، كتب Stephan Verbücheln رسالة نصها: You can

unread,

key with suspicious pattern

في الخميس، 15 ديسمبر 2022 في تمام الساعة 11:37:27 م UTC+2، كتب Stephan Verbücheln رسالة نصها: You can

Jan 13

Kathleen Wilson19

Jan 3

Audit Reminder Email Summary - Intermediate Certificates

-------- Forwarded Message -------- Subject: Summary of December 2022 Outdated Audit Statements for

unread,

Audit Reminder Email Summary - Intermediate Certificates

-------- Forwarded Message -------- Subject: Summary of December 2022 Outdated Audit Statements for

Jan 3

Prof. Reardon, … Rachel McPherson38

12/23/22

concerns about Trustcor

Serge, You guys found an (easily-explained) domain name, and then basically assumed the rest, and

unread,

concerns about Trustcor

Serge, You guys found an (easily-explained) domain name, and then basically assumed the rest, and

12/23/22

Ben Wilson, Kurt Seifried5

12/22/22

Root Inclusion Completeness Checks

Currently, I am very busy working on the CCADB updates. Maybe I can provide something in January.

unread,

Root Inclusion Completeness Checks

Currently, I am very busy working on the CCADB updates. Maybe I can provide something in January.

12/22/22

Ben Wilson, … John Han (hanyuwei70)4

12/16/22

Public Discussion of BJCA's CA inclusion request

Quickly reviewed their site, they are focused in digital signature, key management and crypto

unread,

Public Discussion of BJCA's CA inclusion request

Quickly reviewed their site, they are focused in digital signature, key management and crypto

12/16/22

Ben Wilson, Kurt Seifried4

12/10/22

Discussion of SERPRO Inclusion Request on CCADB Public

I think the problem is that I look at statements like: The person conducting initial information

unread,

Discussion of SERPRO Inclusion Request on CCADB Public

I think the problem is that I look at statements like: The person conducting initial information

12/10/22

Ben Wilson, Corey Bonnell2

12/8/22

Policy 2.8.1: MRSP Issue #251: Full CRL Publication Requirements

Hi Ben, I believe the proposed language would allow a CA to issue a certificate but not disclose any

unread,

Policy 2.8.1: MRSP Issue #251: Full CRL Publication Requirements

Hi Ben, I believe the proposed language would allow a CA to issue a certificate but not disclose any

12/8/22

Prof. Reardon, … Kurt Seifried7

12/8/22

concerns about Princeton Audit Group's auditing status

Hello: I have gotten information back from WebTrust. A company that is no longer listed means that

unread,

concerns about Princeton Audit Group's auditing status

Hello: I have gotten information back from WebTrust. A company that is no longer listed means that

12/8/22

Ben Wilson, Corey Bonnell2

12/7/22

Policy 2.8.1: MRSP Issue #253: CAs MUST specify BR 3.2.2.4 Methods

The proposed change to a MUST is a good one, as I understand that disclosing the BR method numbers of

unread,

Policy 2.8.1: MRSP Issue #253: CAs MUST specify BR 3.2.2.4 Methods

The proposed change to a MUST is a good one, as I understand that disclosing the BR method numbers of

12/7/22

12/6/22

Wiki Dashboards Down

All, The dashboards are up and running again. Thanks, Ben On Tue, Dec 6, 2022 at 2:21 PM Ben Wilson

unread,

Wiki Dashboards Down

All, The dashboards are up and running again. Thanks, Ben On Tue, Dec 6, 2022 at 2:21 PM Ben Wilson

12/6/22

Antonios Chariton, … passerby1845

12/2/22

CAA Records for IP Certificates

if they didn't open RDNS clients wouldn't allowed to override it: although I would say

unread,

CAA Records for IP Certificates

if they didn't open RDNS clients wouldn't allowed to override it: although I would say

12/2/22

11/28/22

Changes to the Mozilla CA Inclusion Dashboard

All, I have posted a question to the CCADB Public List regarding changes to the Mozilla certificate

unread,

Changes to the Mozilla CA Inclusion Dashboard

All, I have posted a question to the CCADB Public List regarding changes to the Mozilla certificate

11/28/22

Ben Wilson, … Melis ŞİMŞEK5

11/28/22

KamuSM request to Expand to .tr ccTLD

All, I am closing the public discussion phase regarding this request. I will be recommending approval

unread,

KamuSM request to Expand to .tr ccTLD

All, I am closing the public discussion phase regarding this request. I will be recommending approval

11/28/22

Ian Carroll, … Peter Gutmann12

11/28/22

Security concerns with the e-Tugra certificate authority

Ian Carroll <i...@ian.sh> writes: >There are many statements about M of N, HSM access, etc

unread,

Security concerns with the e-Tugra certificate authority

Ian Carroll <i...@ian.sh> writes: >There are many statements about M of N, HSM access, etc

11/28/22

Ben Wilson, Aaron Poulsen5

11/22/22

Policy 2.8.1: Candidate Issues to Address in MRSP v. 2.8.1

All, I might try to get these in place before the end of 2022, but I think it's unlikely. While

unread,

Policy 2.8.1: Candidate Issues to Address in MRSP v. 2.8.1

All, I might try to get these in place before the end of 2022, but I think it's unlikely. While

11/22/22

11/21/22

New whiteboard tags for incidents reported on Bugzilla

All, Also, to keep the discussion clean and simple, just post your suggestions and recommendations to

unread,

New whiteboard tags for incidents reported on Bugzilla

All, Also, to keep the discussion clean and simple, just post your suggestions and recommendations to

11/21/22

Ben Wilson, … Matthias van de Meent7

11/18/22

Policy 2.8.1: MRSP Issue #249: Clarification re: all CPs and CPSes

Hi Matthias, Thanks for the clarification. So, I think the goal is (and the language might have to be

unread,

Policy 2.8.1: MRSP Issue #249: Clarification re: all CPs and CPSes

Hi Matthias, Thanks for the clarification. So, I think the goal is (and the language might have to be

11/18/22

Ben Wilson, … Ryan Dickson10

11/17/22

Policy 2.8.1: MRSP Issue #243: Update periods for CPs and CPSes

Hi Rufus, A CA's CP represents commitments by its owners regarding minimum expectations related

unread,

Policy 2.8.1: MRSP Issue #243: Update periods for CPs and CPSes

Hi Rufus, A CA's CP represents commitments by its owners regarding minimum expectations related

11/17/22

11/15/22

Policy 2.8.1: MRSP Issue #257: Requiring CAs to follow Discussions on the CCADB Public List

All, This discussion thread relates to Issue #257 in the Mozilla PKI Policy repository on GitHub. The

unread,

Policy 2.8.1: MRSP Issue #257: Requiring CAs to follow Discussions on the CCADB Public List

All, This discussion thread relates to Issue #257 in the Mozilla PKI Policy repository on GitHub. The

11/15/22

Kathleen Wilson, … Rob Stradling6

11/14/22

Creating 'CA Program' Bugzilla Product

These changes have been completed, and the existing bugs for the following components have been

unread,

Creating 'CA Program' Bugzilla Product

These changes have been completed, and the existing bugs for the following components have been

11/14/22

Kathleen Wilson2

11/14/22

CCADB Update: Changing Audit Reminder Email Templates and Logic

These changes are in CCADB production, and the first audit reminders based on the new template/logic

unread,

CCADB Update: Changing Audit Reminder Email Templates and Logic

These changes are in CCADB production, and the first audit reminders based on the new template/logic

11/14/22

11/10/22

Updates for CCADB Public Discussion Process

All, I have edited some of the Mozilla wiki pages to clarify that public discussion of certificate

unread,

Updates for CCADB Public Discussion Process

All, I have edited some of the Mozilla wiki pages to clarify that public discussion of certificate

11/10/22

Tim Callan, Tim Callan2

11/10/22

Apocryphal root program requirements

The CCADB Steering Committee has opened a new forum for public trust matters that affect Certificate

unread,

Apocryphal root program requirements

The CCADB Steering Committee has opened a new forum for public trust matters that affect Certificate

11/10/22

Kathleen Wilson2

11/9/22

Announcing CCADB Public Group

All Primary POCs currently listed in the CCADB have been subscribed to the CCADB Public Group, and

unread,

Announcing CCADB Public Group

All Primary POCs currently listed in the CCADB have been subscribed to the CCADB Public Group, and

11/9/22

Search

Clear search

Close search

Google apps

Main menu