Groups
Conversations
All groups and messages
Send feedback to Google
Help
Sign in
Groups
dev-security-policy@mozilla.org
Conversations
About
dev-security-policy@mozilla.org
1–30 of 200
Welcome to the dev-security-policy group in which we discuss security-related policies, governance, and related topics; including discussion of
Mozilla’s Root Store Policy
and the
NSS root certificate store
.
Mailing List:
dev-security-policy@mozilla.or
g
Web:
https://groups.google.com/a/mo
zilla.org/g/dev-security-polic
y
Subscribe by using the button "Ask to join group" and complete the box "Reason for joining".
Membership requests must provide context for your interest in joining the group. Requests without this information will be rejected.
Participation Guidelines:
https://www.mozilla.org/about/
governance/policies/participat
ion/
Participants:
https://wiki.mozilla.org/CA/Po
licy_Participants
Unsubscribe by sending email to:
dev-security-policy+unsubscrib
e@mozilla.org
Previous archives (2009-2021):
https://groups.google.com/g/mo
zilla.dev.security.policy
RSS feed:
https://www.mail-archive.com/d
ev-security-policy@mozilla.org
/maillist.xml
Mark all as read
Report abusive group
0 selected
Ian Carroll
, …
Clint Wilson
19
Jun 2
Security concerns with the e-Tugra certificate authority
Hi Kurt, FWIW, these Root CA certificates have not been accepted into the Apple Root Program. Cheers,
unread,
Security concerns with the e-Tugra certificate authority
Hi Kurt, FWIW, these Root CA certificates have not been accepted into the Apple Root Program. Cheers,
Jun 2
Ben Wilson
May 31
Policy 2.9: Candidate Issues to Address in MRSP v. 2.9
All, There are currently 59 issues listed in GitHub related to the Mozilla Root Store Policy (MRSP),
unread,
Policy 2.9: Candidate Issues to Address in MRSP v. 2.9
All, There are currently 59 issues listed in GitHub related to the Mozilla Root Store Policy (MRSP),
May 31
Thomas Zermeno
,
passerby184
2
May 31
Lessons Learned for Audit Scope when Cross - Certified
looks like google group ate the pictures. although they must be table in the link 2023년 6월 1일 목요일 오전
unread,
Lessons Learned for Audit Scope when Cross - Certified
looks like google group ate the pictures. although they must be table in the link 2023년 6월 1일 목요일 오전
May 31
Ben Wilson
May 30
CA/Browser Forum S/MIME Baseline Requirements
All, The CA/Browser Forum (CABF) has created a set of Baseline Requirements for publicly trusted S/
unread,
CA/Browser Forum S/MIME Baseline Requirements
All, The CA/Browser Forum (CABF) has created a set of Baseline Requirements for publicly trusted S/
May 30
Seo Suchan
, …
Phillip Hallam-Baker
8
May 30
Is there a rule about root keys that already expired?
The WebPKI was built using the available technology of the day and the folk at Surety were
unread,
Is there a rule about root keys that already expired?
The WebPKI was built using the available technology of the day and the folk at Surety were
May 30
Kathleen Wilson
23
May 16
Audit Reminder Email Summary - Intermediate Certificates
-------- Forwarded Message -------- Subject: Summary of May 2023 Outdated Audit Statements for
unread,
Audit Reminder Email Summary - Intermediate Certificates
-------- Forwarded Message -------- Subject: Summary of May 2023 Outdated Audit Statements for
May 16
Kathleen Wilson
, …
Matthias van de Meent
30
May 16
Audit Reminder Email Summary - Root Certificates
-------- Forwarded Message -------- Subject: Summary of May 2023 Audit Reminder Emails Date: Tue, 16
unread,
Audit Reminder Email Summary - Root Certificates
-------- Forwarded Message -------- Subject: Summary of May 2023 Audit Reminder Emails Date: Tue, 16
May 16
Ben Wilson
May 5
Root Inclusion Request of SSL.com
All, We recently concluded a six-week public discussion of SSL.com's request (Bugzilla #1799533
unread,
Root Inclusion Request of SSL.com
All, We recently concluded a six-week public discussion of SSL.com's request (Bugzilla #1799533
May 5
Ben Wilson
2
May 5
ATOS Trustcenter's Root Inclusion Request
All, ATOS Trustcenter has updated its CPS according to my suggestions. [1] [2] This is notice that I
unread,
ATOS Trustcenter's Root Inclusion Request
All, ATOS Trustcenter has updated its CPS according to my suggestions. [1] [2] This is notice that I
May 5
Daniel McCarney
,
Rob Stradling
4
Apr 20
Broken CRL URLs in CCADB
Hi Rob, Thanks for your replies and for the improvements you've made, especially to crt.sh. Very
unread,
Broken CRL URLs in CCADB
Hi Rob, Thanks for your replies and for the improvements you've made, especially to crt.sh. Very
Apr 20
Ben Wilson
, …
Doug Beattie
30
Apr 13
Proposed Updates to MRSP to Address Root CA Life Cycles
Hi Ben, We'd like to do some testing to see how cross certificates to Mozilla distrusted roots
unread,
Proposed Updates to MRSP to Address Root CA Life Cycles
Hi Ben, We'd like to do some testing to see how cross certificates to Mozilla distrusted roots
Apr 13
Kathleen Wilson
, …
Prof. Reardon
48
Apr 12
DRAFT: Root Inclusion Considerations
Hello all: I want add my support for these inclusion considerations, these are excellent. I had some
unread,
DRAFT: Root Inclusion Considerations
Hello all: I want add my support for these inclusion considerations, these are excellent. I had some
Apr 12
Ben Wilson
, …
Kathleen Wilson
30
Mar 16
Public Discussion re: Beijing CA (BJCA)
Thank you, Mark, for providing a great write-up to explain the situation more clearly! And thank you
unread,
Public Discussion re: Beijing CA (BJCA)
Thank you, Mark, for providing a great write-up to explain the situation more clearly! And thank you
Mar 16
Ben Wilson
,
Kurt Seifried
5
Feb 6
CA Communication re: Mozilla Root Store Policy (MRSP) Version 2.8.1
The "P1-P5" in Bugzilla shows the current prioritization. The dashboard is located here -
unread,
CA Communication re: Mozilla Root Store Policy (MRSP) Version 2.8.1
The "P1-P5" in Bugzilla shows the current prioritization. The dashboard is located here -
Feb 6
Ben Wilson
, …
Aaron Gable
5
Jan 30
MRSP Policy v. 2.8.1 Finalization
Hi Ben, No objection to a Feb 15th date from me, everything here looks good. Aaron On Tue, Jan 24,
unread,
MRSP Policy v. 2.8.1 Finalization
Hi Ben, No objection to a Feb 15th date from me, everything here looks good. Aaron On Tue, Jan 24,
Jan 30
Kathleen Wilson
, …
Jeffrey Walton
5
Jan 23
spammers on MDSP
On Mon, Jan 23, 2023 at 12:33 PM Ben Wilson <bwi...@mozilla.com> wrote: > >
unread,
spammers on MDSP
On Mon, Jan 23, 2023 at 12:33 PM Ben Wilson <bwi...@mozilla.com> wrote: > >
Jan 23
Ben Wilson
, …
Clint Wilson
14
Jan 23
Policy 2.8.1: MRSP Issue #256: Requirement that Partitioned CRLs include an Issuing Distribution Point extension
Hi Dimitris, The current expectation is described in the Apple Policy: Effective October 1, 2022, CA
unread,
Policy 2.8.1: MRSP Issue #256: Requirement that Partitioned CRLs include an Issuing Distribution Point extension
Hi Dimitris, The current expectation is described in the Apple Policy: Effective October 1, 2022, CA
Jan 23
Hanno Böck
, …
wael wael
7
Jan 13
key with suspicious pattern
في الخميس، 15 ديسمبر 2022 في تمام الساعة 11:37:27 م UTC+2، كتب Stephan Verbücheln رسالة نصها: You can
unread,
key with suspicious pattern
في الخميس، 15 ديسمبر 2022 في تمام الساعة 11:37:27 م UTC+2، كتب Stephan Verbücheln رسالة نصها: You can
Jan 13
Prof. Reardon
, …
Rachel McPherson
38
12/23/22
concerns about Trustcor
Serge, You guys found an (easily-explained) domain name, and then basically assumed the rest, and
unread,
concerns about Trustcor
Serge, You guys found an (easily-explained) domain name, and then basically assumed the rest, and
12/23/22
Ben Wilson
,
Kurt Seifried
5
12/22/22
Root Inclusion Completeness Checks
Currently, I am very busy working on the CCADB updates. Maybe I can provide something in January.
unread,
Root Inclusion Completeness Checks
Currently, I am very busy working on the CCADB updates. Maybe I can provide something in January.
12/22/22
Ben Wilson
, …
John Han (hanyuwei70)
4
12/16/22
Public Discussion of BJCA's CA inclusion request
Quickly reviewed their site, they are focused in digital signature, key management and crypto
unread,
Public Discussion of BJCA's CA inclusion request
Quickly reviewed their site, they are focused in digital signature, key management and crypto
12/16/22
Ben Wilson
,
Kurt Seifried
4
12/10/22
Discussion of SERPRO Inclusion Request on CCADB Public
I think the problem is that I look at statements like: The person conducting initial information
unread,
Discussion of SERPRO Inclusion Request on CCADB Public
I think the problem is that I look at statements like: The person conducting initial information
12/10/22
Ben Wilson
,
Corey Bonnell
2
12/8/22
Policy 2.8.1: MRSP Issue #251: Full CRL Publication Requirements
Hi Ben, I believe the proposed language would allow a CA to issue a certificate but not disclose any
unread,
Policy 2.8.1: MRSP Issue #251: Full CRL Publication Requirements
Hi Ben, I believe the proposed language would allow a CA to issue a certificate but not disclose any
12/8/22
Prof. Reardon
, …
Kurt Seifried
7
12/8/22
concerns about Princeton Audit Group's auditing status
Hello: I have gotten information back from WebTrust. A company that is no longer listed means that
unread,
concerns about Princeton Audit Group's auditing status
Hello: I have gotten information back from WebTrust. A company that is no longer listed means that
12/8/22
Ben Wilson
,
Corey Bonnell
2
12/7/22
Policy 2.8.1: MRSP Issue #253: CAs MUST specify BR 3.2.2.4 Methods
The proposed change to a MUST is a good one, as I understand that disclosing the BR method numbers of
unread,
Policy 2.8.1: MRSP Issue #253: CAs MUST specify BR 3.2.2.4 Methods
The proposed change to a MUST is a good one, as I understand that disclosing the BR method numbers of
12/7/22
Ben Wilson
2
12/6/22
Wiki Dashboards Down
All, The dashboards are up and running again. Thanks, Ben On Tue, Dec 6, 2022 at 2:21 PM Ben Wilson
unread,
Wiki Dashboards Down
All, The dashboards are up and running again. Thanks, Ben On Tue, Dec 6, 2022 at 2:21 PM Ben Wilson
12/6/22
Antonios Chariton
, …
passerby184
5
12/2/22
CAA Records for IP Certificates
if they didn't open RDNS clients wouldn't allowed to override it: although I would say
unread,
CAA Records for IP Certificates
if they didn't open RDNS clients wouldn't allowed to override it: although I would say
12/2/22
Ben Wilson
11/28/22
Changes to the Mozilla CA Inclusion Dashboard
All, I have posted a question to the CCADB Public List regarding changes to the Mozilla certificate
unread,
Changes to the Mozilla CA Inclusion Dashboard
All, I have posted a question to the CCADB Public List regarding changes to the Mozilla certificate
11/28/22
Ben Wilson
, …
Melis ŞİMŞEK
5
11/28/22
KamuSM request to Expand to .tr ccTLD
All, I am closing the public discussion phase regarding this request. I will be recommending approval
unread,
KamuSM request to Expand to .tr ccTLD
All, I am closing the public discussion phase regarding this request. I will be recommending approval
11/28/22
Ben Wilson
,
Aaron Poulsen
5
11/22/22
Policy 2.8.1: Candidate Issues to Address in MRSP v. 2.8.1
All, I might try to get these in place before the end of 2022, but I think it's unlikely. While
unread,
Policy 2.8.1: Candidate Issues to Address in MRSP v. 2.8.1
All, I might try to get these in place before the end of 2022, but I think it's unlikely. While
11/22/22