dev-security-policy@mozilla.org

Contact owners and managers

1–30 of 230

Welcome to the dev-security-policy group in which we discuss security-related policies, governance, and related topics; including discussion of Mozilla’s Root Store Policy and the NSS root certificate store.

Mailing List: dev-security-policy@mozilla.org
Web: https://groups.google.com/a/mozilla.org/g/dev-security-policy
Subscribe by using the button "Ask to join group" and complete the box "Reason for joining". Membership requests must provide context for your interest in joining the group. Requests without this information will be rejected.
Participation Guidelines: https://www.mozilla.org/about/governance/policies/participation/
Participants: https://wiki.mozilla.org/CA/Policy_Participants
Unsubscribe by sending email to: dev-security-policy+unsubscribe@mozilla.org
Previous archives (2009-2021): https://groups.google.com/g/mozilla.dev.security.policy
RSS feed: https://www.mail-archive.com/dev-security-policy@mozilla.org/maillist.xml

0 selected

Phil Porada, … Antonios Chariton19

6:13 PM

Let's Encrypt New Intermediate Certificates

Hello everyone, I'd also like to jump in the conversation and say that I believe Let's

unread,

Let's Encrypt New Intermediate Certificates

Hello everyone, I'd also like to jump in the conversation and say that I believe Let's

6:13 PM

Dec 4

Shared wildcard certificate in EV chargers

Hello, I wanted to share an incident with shared certificates and keys on EV charger devices. I

unread,

Shared wildcard certificate in EV chargers

Hello, I wanted to share an incident with shared certificates and keys on EV charger devices. I

Dec 4

Aaron Gable, … Ryan Hurst6

Dec 1

CP/CPS intra-document cross-references

Having read more, CP/CPS is in my life, and I cared to admit to it is my opinion that better to not

unread,

CP/CPS intra-document cross-references

Having read more, CP/CPS is in my life, and I cared to admit to it is my opinion that better to not

Dec 1

Ben Wilson, … Roman Fischer6

Nov 23

Improvements to Vulnerability Disclosure wiki page

Dear Ben, Thanks for the effort you put into this and especially to align the markdown template to

unread,

Improvements to Vulnerability Disclosure wiki page

Dear Ben, Thanks for the effort you put into this and especially to align the markdown template to

Nov 23

Kathleen Wilson29

Nov 21

Audit Reminder Email Summary - Intermediate Certificates

-------- Forwarded Message -------- Subject: Summary of November 2023 Outdated Audit Statements for

unread,

Audit Reminder Email Summary - Intermediate Certificates

-------- Forwarded Message -------- Subject: Summary of November 2023 Outdated Audit Statements for

Nov 21

Kathleen Wilson, … Matthias van de Meent36

Nov 21

Audit Reminder Email Summary - Root Certificates

-------- Forwarded Message -------- Subject: Summary of November 2023 Audit Reminder Emails Date: Tue

unread,

Audit Reminder Email Summary - Root Certificates

-------- Forwarded Message -------- Subject: Summary of November 2023 Audit Reminder Emails Date: Tue

Nov 21

Oct 17

Updated Incident Reporting Requirements

All, The framework for reporting compliance incidents has been updated on the CCADB website. See

unread,

Updated Incident Reporting Requirements

All, The framework for reporting compliance incidents has been updated on the CCADB website. See

Oct 17

Oct 13

Intent to Approve Commscope's CA Inclusion Request

All, We recently concluded a 6-week public discussion on the CCADB list of the request for inclusion

unread,

Intent to Approve Commscope's CA Inclusion Request

All, We recently concluded a 6-week public discussion on the CCADB list of the request for inclusion

Oct 13

Sep 27

MRSP 2.9: Survey Results - August 2023 CA Communication and Survey

Here are summaries of questions and comments and our responses. Summary of Questions or Concerns

unread,

MRSP 2.9: Survey Results - August 2023 CA Communication and Survey

Here are summaries of questions and comments and our responses. Summary of Questions or Concerns

Sep 27

Kathleen Wilson2

Sep 20

Ownership change for Mozilla CA Certificate Policy module

The module ownership has been updated. https://wiki.mozilla.org/Modules/All#Governance_Sub_Modules

unread,

Ownership change for Mozilla CA Certificate Policy module

The module ownership has been updated. https://wiki.mozilla.org/Modules/All#Governance_Sub_Modules

Sep 20

Sep 18

Blog Post About Mozilla Root Store Policy Version 2.9

All, Recently, I posted on the Mozilla Security Blog a brief overview of updates to the Mozilla Root

unread,

Blog Post About Mozilla Root Store Policy Version 2.9

All, Recently, I posted on the Mozilla Security Blog a brief overview of updates to the Mozilla Root

Sep 18

Aug 29

MRSP 2.9: Draft CA Communication and Survey

All, This August 2023 CA Communication and Survey was sent out to CAs already in our program last

unread,

MRSP 2.9: Draft CA Communication and Survey

All, This August 2023 CA Communication and Survey was sent out to CAs already in our program last

Aug 29

Tim Hollebeek, Aaron Poulsen2

Aug 18

Mozilla Policy 2.9, section 3.1.4 and CCADB policy section 5.1

I do not feel this point it nitpicky. Externally-referenced documents increase the compliance burden

unread,

Mozilla Policy 2.9, section 3.1.4 and CCADB policy section 5.1

I do not feel this point it nitpicky. Externally-referenced documents increase the compliance burden

Aug 18

Ben Wilson, … Christophe Bonjean8

Aug 18

MRSP 2.9: S/MIME BRs and Audits

All, The language decided upon for item 3 of MRSP section 1.1 (Scope of MRSP for end entity

unread,

MRSP 2.9: S/MIME BRs and Audits

All, The language decided upon for item 3 of MRSP section 1.1 (Scope of MRSP for end entity

Aug 18

Aug 18

MRSP 2.9: Issues 261, 263 and 267, Miscellaneous Clarifications and Corrections

All, I don't believe we received any comments or questions, and the proposed changes have been

unread,

MRSP 2.9: Issues 261, 263 and 267, Miscellaneous Clarifications and Corrections

All, I don't believe we received any comments or questions, and the proposed changes have been

Aug 18

Aug 18

MRSP 2.9: Issue #250: Clarify MRSP 5.3.2 to expressly include revoked CA certificates

All, Here is the currently proposed language for the first paragraph of MRSP section 5.3.2: The

unread,

MRSP 2.9: Issue #250: Clarify MRSP 5.3.2 to expressly include revoked CA certificates

All, Here is the currently proposed language for the first paragraph of MRSP section 5.3.2: The

Aug 18

Ben Wilson, Pedro Fuentes5

Aug 18

MRSP 2.9: Issue #239: Audit Statement Content

All, In response to Tim Hollebeek's recent email on this topic (https://groups.google.com/a/

unread,

MRSP 2.9: Issue #239: Audit Statement Content

All, In response to Tim Hollebeek's recent email on this topic (https://groups.google.com/a/

Aug 18

Aug 18

MRSP 2.9: Issue #254: Harmonize CRL Reason Codes with CA/B Forum Revocation Reasons

All, Here are those changes as proposed in the previous email on this topic. https://github.com/

unread,

MRSP 2.9: Issue #254: Harmonize CRL Reason Codes with CA/B Forum Revocation Reasons

All, Here are those changes as proposed in the previous email on this topic. https://github.com/

Aug 18

Aug 17

TrustAsia CA Root Inclusion Request

All, Public discussion concluded yesterday, August 16th, on the CCADB Public List, for

unread,

TrustAsia CA Root Inclusion Request

All, Public discussion concluded yesterday, August 16th, on the CCADB Public List, for

Aug 17

Phil Porada, … Corey Bonnell10

Aug 9

Unrestricted cross-signed Subordinate CA profile questions

The existence of this end-run around the system is why the current version of the BRs says "

unread,

Unrestricted cross-signed Subordinate CA profile questions

The existence of this end-run around the system is why the current version of the BRs says "

Aug 9

Aug 9

MRSP 2.9: Final Review of MRSP 2.9

All, Over the past couple of weeks (after my previous email on July 27), I have made additional

unread,

MRSP 2.9: Final Review of MRSP 2.9

All, Over the past couple of weeks (after my previous email on July 27), I have made additional

Aug 9

Watson Ladd, … Rob Stradling14

Aug 3

Minimum issuance volume for established CAs?

> Why is this compression scheme likely to take off when there was no interest in pursuing my

unread,

Minimum issuance volume for established CAs?

> Why is this compression scheme likely to take off when there was no interest in pursuing my

Aug 3

Seo Suchan, Corey Bonnell2

Jul 31

delegated additional domain validation lookup

Hi Seo, A CA must fulfill its obligation to perform domain validation as defined in BR 3.2.2.4 using

unread,

delegated additional domain validation lookup

Hi Seo, A CA must fulfill its obligation to perform domain validation as defined in BR 3.2.2.4 using

Jul 31

Jul 28

MRSP 2.9: S/MIME BRs Transition Timeline

Greetings again, This has been posted on our CA wiki page of transition instructions related to CA

unread,

MRSP 2.9: S/MIME BRs Transition Timeline

Greetings again, This has been posted on our CA wiki page of transition instructions related to CA

Jul 28

Ben Wilson, … Pedro Fuentes14

Jul 28

MRSP 2.9: Issue #123: Annual Compliance Self-Assessment

Hello. OK. I see your point. I was thinking on the end date of the audit report that was uploaded.

unread,

MRSP 2.9: Issue #123: Annual Compliance Self-Assessment

Hello. OK. I see your point. I was thinking on the end date of the audit report that was uploaded.

Jul 28

Ben Wilson, … Roman Fischer4

Jul 26

MRSP 2.9: Issues #252 and #266 - Incident Reporting

All, We have created a draft wiki page to explain vulnerability disclosure being proposed for v. 2.9

unread,

MRSP 2.9: Issues #252 and #266 - Incident Reporting

All, We have created a draft wiki page to explain vulnerability disclosure being proposed for v. 2.9

Jul 26

Ben Wilson, Rob Stradling3

Jul 26

MRSP 2.9: Issue#232: Root CA Lifecycles

Thanks, Rob. I'll change it to a strong SHOULD. Ben On Wed, Jul 26, 2023 at 10:09 AM Rob

unread,

MRSP 2.9: Issue#232: Root CA Lifecycles

Thanks, Rob. I'll change it to a strong SHOULD. Ben On Wed, Jul 26, 2023 at 10:09 AM Rob

Jul 26

Jul 19

S/MIME BR Transition Wiki Page

All, I have created a wiki page (https://wiki.mozilla.org/CA/Transition_SMIME_BRs) to address

unread,

S/MIME BR Transition Wiki Page

All, I have created a wiki page (https://wiki.mozilla.org/CA/Transition_SMIME_BRs) to address

Jul 19

Ben Wilson, … Cynthia Revström10

Jul 14

Review of e-Tugra's Inclusion in Mozilla’s Root Store

Hi Israr, First of all, I do not represent Mozilla in any way but I want to clarify that the decision

unread,

Review of e-Tugra's Inclusion in Mozilla’s Root Store

Hi Israr, First of all, I do not represent Mozilla in any way but I want to clarify that the decision

Jul 14

John Han (hanyuwei70), … Jesper Kristensen52

Jun 27

RCE used by Intermediate CA to issue certificates.

Den man. 19. jun. 2023 kl. 21.24 skrev Thomas Zermeno <madca...@gmail.com>: This is to

unread,

RCE used by Intermediate CA to issue certificates.

Den man. 19. jun. 2023 kl. 21.24 skrev Thomas Zermeno <madca...@gmail.com>: This is to

Jun 27

Search

Clear search

Close search

Google apps

Main menu