dev-security-policy@mozilla.org

1–30 of 200

Welcome to the dev-security-policy group in which we discuss security-related policies, governance, and related topics; including discussion of Mozilla’s Root Store Policy and the NSS root certificate store.

Mailing List: dev-security-policy@mozilla.org
Web: https://groups.google.com/a/mozilla.org/g/dev-security-policy
Subscribe by using the button "Ask to join group" and complete the box "Reason for joining". Membership requests must provide context for your interest in joining the group. Requests without this information will be rejected.
Participation Guidelines: https://www.mozilla.org/about/governance/policies/participation/
Participants: https://wiki.mozilla.org/CA/Policy_Participants
Unsubscribe by sending email to: dev-security-policy+unsubscribe@mozilla.org
Previous archives (2009-2021): https://groups.google.com/g/mozilla.dev.security.policy
RSS feed: https://www.mail-archive.com/dev-security-policy@mozilla.org/maillist.xml

0 selected

Ian Carroll, … Clint Wilson19

Jun 2

Security concerns with the e-Tugra certificate authority

Hi Kurt, FWIW, these Root CA certificates have not been accepted into the Apple Root Program. Cheers,

unread,

Security concerns with the e-Tugra certificate authority

Hi Kurt, FWIW, these Root CA certificates have not been accepted into the Apple Root Program. Cheers,

Jun 2

May 31

Policy 2.9: Candidate Issues to Address in MRSP v. 2.9

All, There are currently 59 issues listed in GitHub related to the Mozilla Root Store Policy (MRSP),

unread,

Policy 2.9: Candidate Issues to Address in MRSP v. 2.9

All, There are currently 59 issues listed in GitHub related to the Mozilla Root Store Policy (MRSP),

May 31

Thomas Zermeno, passerby1842

May 31

Lessons Learned for Audit Scope when Cross - Certified

looks like google group ate the pictures. although they must be table in the link 2023년 6월 1일 목요일 오전

unread,

Lessons Learned for Audit Scope when Cross - Certified

looks like google group ate the pictures. although they must be table in the link 2023년 6월 1일 목요일 오전

May 31

May 30

CA/Browser Forum S/MIME Baseline Requirements

All, The CA/Browser Forum (CABF) has created a set of Baseline Requirements for publicly trusted S/

unread,

CA/Browser Forum S/MIME Baseline Requirements

All, The CA/Browser Forum (CABF) has created a set of Baseline Requirements for publicly trusted S/

May 30

Seo Suchan, … Phillip Hallam-Baker8

May 30

Is there a rule about root keys that already expired?

The WebPKI was built using the available technology of the day and the folk at Surety were

unread,

Is there a rule about root keys that already expired?

The WebPKI was built using the available technology of the day and the folk at Surety were

May 30

Kathleen Wilson23

May 16

Audit Reminder Email Summary - Intermediate Certificates

-------- Forwarded Message -------- Subject: Summary of May 2023 Outdated Audit Statements for

unread,

Audit Reminder Email Summary - Intermediate Certificates

-------- Forwarded Message -------- Subject: Summary of May 2023 Outdated Audit Statements for

May 16

Kathleen Wilson, … Matthias van de Meent30

May 16

Audit Reminder Email Summary - Root Certificates

-------- Forwarded Message -------- Subject: Summary of May 2023 Audit Reminder Emails Date: Tue, 16

unread,

Audit Reminder Email Summary - Root Certificates

-------- Forwarded Message -------- Subject: Summary of May 2023 Audit Reminder Emails Date: Tue, 16

May 16

May 5

Root Inclusion Request of SSL.com

All, We recently concluded a six-week public discussion of SSL.com's request (Bugzilla #1799533

unread,

Root Inclusion Request of SSL.com

All, We recently concluded a six-week public discussion of SSL.com's request (Bugzilla #1799533

May 5

May 5

ATOS Trustcenter's Root Inclusion Request

All, ATOS Trustcenter has updated its CPS according to my suggestions. [1] [2] This is notice that I

unread,

ATOS Trustcenter's Root Inclusion Request

All, ATOS Trustcenter has updated its CPS according to my suggestions. [1] [2] This is notice that I

May 5

Daniel McCarney, Rob Stradling4

Apr 20

Broken CRL URLs in CCADB

Hi Rob, Thanks for your replies and for the improvements you've made, especially to crt.sh. Very

unread,

Broken CRL URLs in CCADB

Hi Rob, Thanks for your replies and for the improvements you've made, especially to crt.sh. Very

Apr 20

Ben Wilson, … Doug Beattie30

Apr 13

Proposed Updates to MRSP to Address Root CA Life Cycles

Hi Ben, We'd like to do some testing to see how cross certificates to Mozilla distrusted roots

unread,

Proposed Updates to MRSP to Address Root CA Life Cycles

Hi Ben, We'd like to do some testing to see how cross certificates to Mozilla distrusted roots

Apr 13

Kathleen Wilson, … Prof. Reardon48

Apr 12

DRAFT: Root Inclusion Considerations

Hello all: I want add my support for these inclusion considerations, these are excellent. I had some

unread,

DRAFT: Root Inclusion Considerations

Hello all: I want add my support for these inclusion considerations, these are excellent. I had some

Apr 12

Ben Wilson, … Kathleen Wilson30

Mar 16

Public Discussion re: Beijing CA (BJCA)

Thank you, Mark, for providing a great write-up to explain the situation more clearly! And thank you

unread,

Public Discussion re: Beijing CA (BJCA)

Thank you, Mark, for providing a great write-up to explain the situation more clearly! And thank you

Mar 16

Ben Wilson, Kurt Seifried5

Feb 6

CA Communication re: Mozilla Root Store Policy (MRSP) Version 2.8.1

The "P1-P5" in Bugzilla shows the current prioritization. The dashboard is located here -

unread,

CA Communication re: Mozilla Root Store Policy (MRSP) Version 2.8.1

The "P1-P5" in Bugzilla shows the current prioritization. The dashboard is located here -

Feb 6

Ben Wilson, … Aaron Gable5

Jan 30

MRSP Policy v. 2.8.1 Finalization

Hi Ben, No objection to a Feb 15th date from me, everything here looks good. Aaron On Tue, Jan 24,

unread,

MRSP Policy v. 2.8.1 Finalization

Hi Ben, No objection to a Feb 15th date from me, everything here looks good. Aaron On Tue, Jan 24,

Jan 30

Kathleen Wilson, … Jeffrey Walton5

Jan 23

spammers on MDSP

On Mon, Jan 23, 2023 at 12:33 PM Ben Wilson <bwi...@mozilla.com> wrote: > >

unread,

spammers on MDSP

On Mon, Jan 23, 2023 at 12:33 PM Ben Wilson <bwi...@mozilla.com> wrote: > >

Jan 23

Ben Wilson, … Clint Wilson14

Jan 23

Policy 2.8.1: MRSP Issue #256: Requirement that Partitioned CRLs include an Issuing Distribution Point extension

Hi Dimitris, The current expectation is described in the Apple Policy: Effective October 1, 2022, CA

unread,

Policy 2.8.1: MRSP Issue #256: Requirement that Partitioned CRLs include an Issuing Distribution Point extension

Hi Dimitris, The current expectation is described in the Apple Policy: Effective October 1, 2022, CA

Jan 23

Hanno Böck, … wael wael7

Jan 13

key with suspicious pattern

في الخميس، 15 ديسمبر 2022 في تمام الساعة 11:37:27 م UTC+2، كتب Stephan Verbücheln رسالة نصها: You can

unread,

key with suspicious pattern

في الخميس، 15 ديسمبر 2022 في تمام الساعة 11:37:27 م UTC+2، كتب Stephan Verbücheln رسالة نصها: You can

Jan 13

Prof. Reardon, … Rachel McPherson38

12/23/22

concerns about Trustcor

Serge, You guys found an (easily-explained) domain name, and then basically assumed the rest, and

unread,

concerns about Trustcor

Serge, You guys found an (easily-explained) domain name, and then basically assumed the rest, and

12/23/22

Ben Wilson, Kurt Seifried5

12/22/22

Root Inclusion Completeness Checks

Currently, I am very busy working on the CCADB updates. Maybe I can provide something in January.

unread,

Root Inclusion Completeness Checks

Currently, I am very busy working on the CCADB updates. Maybe I can provide something in January.

12/22/22

Ben Wilson, … John Han (hanyuwei70)4

12/16/22

Public Discussion of BJCA's CA inclusion request

Quickly reviewed their site, they are focused in digital signature, key management and crypto

unread,

Public Discussion of BJCA's CA inclusion request

Quickly reviewed their site, they are focused in digital signature, key management and crypto

12/16/22

Ben Wilson, Kurt Seifried4

12/10/22

Discussion of SERPRO Inclusion Request on CCADB Public

I think the problem is that I look at statements like: The person conducting initial information

unread,

Discussion of SERPRO Inclusion Request on CCADB Public

I think the problem is that I look at statements like: The person conducting initial information

12/10/22

Ben Wilson, Corey Bonnell2

12/8/22

Policy 2.8.1: MRSP Issue #251: Full CRL Publication Requirements

Hi Ben, I believe the proposed language would allow a CA to issue a certificate but not disclose any

unread,

Policy 2.8.1: MRSP Issue #251: Full CRL Publication Requirements

Hi Ben, I believe the proposed language would allow a CA to issue a certificate but not disclose any

12/8/22

Prof. Reardon, … Kurt Seifried7

12/8/22

concerns about Princeton Audit Group's auditing status

Hello: I have gotten information back from WebTrust. A company that is no longer listed means that

unread,

concerns about Princeton Audit Group's auditing status

Hello: I have gotten information back from WebTrust. A company that is no longer listed means that

12/8/22

Ben Wilson, Corey Bonnell2

12/7/22

Policy 2.8.1: MRSP Issue #253: CAs MUST specify BR 3.2.2.4 Methods

The proposed change to a MUST is a good one, as I understand that disclosing the BR method numbers of

unread,

Policy 2.8.1: MRSP Issue #253: CAs MUST specify BR 3.2.2.4 Methods

The proposed change to a MUST is a good one, as I understand that disclosing the BR method numbers of

12/7/22

12/6/22

Wiki Dashboards Down

All, The dashboards are up and running again. Thanks, Ben On Tue, Dec 6, 2022 at 2:21 PM Ben Wilson

unread,

Wiki Dashboards Down

All, The dashboards are up and running again. Thanks, Ben On Tue, Dec 6, 2022 at 2:21 PM Ben Wilson

12/6/22

Antonios Chariton, … passerby1845

12/2/22

CAA Records for IP Certificates

if they didn't open RDNS clients wouldn't allowed to override it: although I would say

unread,

CAA Records for IP Certificates

if they didn't open RDNS clients wouldn't allowed to override it: although I would say

12/2/22

11/28/22

Changes to the Mozilla CA Inclusion Dashboard

All, I have posted a question to the CCADB Public List regarding changes to the Mozilla certificate

unread,

Changes to the Mozilla CA Inclusion Dashboard

All, I have posted a question to the CCADB Public List regarding changes to the Mozilla certificate

11/28/22

Ben Wilson, … Melis ŞİMŞEK5

11/28/22

KamuSM request to Expand to .tr ccTLD

All, I am closing the public discussion phase regarding this request. I will be recommending approval

unread,

KamuSM request to Expand to .tr ccTLD

All, I am closing the public discussion phase regarding this request. I will be recommending approval

11/28/22

Ben Wilson, Aaron Poulsen5

11/22/22

Policy 2.8.1: Candidate Issues to Address in MRSP v. 2.8.1

All, I might try to get these in place before the end of 2022, but I think it's unlikely. While

unread,

Policy 2.8.1: Candidate Issues to Address in MRSP v. 2.8.1

All, I might try to get these in place before the end of 2022, but I think it's unlikely. While

11/22/22

Search

Clear search

Close search

Google apps

Main menu