Groups keyboard shortcuts have been updated

Dismiss

See shortcuts

dev-security-policy@mozilla.org

1–30 of 311

Welcome to the dev-security-policy group in which we discuss security-related policies, governance, and related topics; including discussion of Mozilla’s Root Store Policy and the NSS root certificate store.

Mailing List: dev-security-policy@mozilla.org
Web: https://groups.google.com/a/mozilla.org/g/dev-security-policy
Subscribe by using the button "Ask to join group" and complete the box "Reason for joining". Membership requests must provide context for your interest in joining the group. Requests without this information will be rejected.
Participation Guidelines: https://www.mozilla.org/about/governance/policies/participation/
Participants: https://wiki.mozilla.org/CA/Policy_Participants
Unsubscribe by sending email to: dev-security-policy+unsubscribe@mozilla.org
Previous archives (2009-2021): https://groups.google.com/g/mozilla.dev.security.policy
RSS feed: https://www.mail-archive.com/dev-security-policy@mozilla.org/maillist.xml

0 selected

Ben Wilson, … Mike Shaver6

Apr 23

Mozilla CA Program Roundtable Discussion

For what it's worth, as someone who is not able to attend the scheduled times, I'm happy that

unread,

Mozilla CA Program Roundtable Discussion

For what it's worth, as someone who is not able to attend the scheduled times, I'm happy that

Apr 23

Ben Wilson, … Arabella Barks23

Apr 18

Postponement of Removal of Websites Trust Bit for ePKI Root CA

Greetings, I tested it in Firefox, and the website provided me with a certificate issued by

unread,

Postponement of Removal of Websites Trust Bit for ePKI Root CA

Greetings, I tested it in Firefox, and the website provided me with a certificate issued by

Apr 18

Ben Wilson, … 大野文彰4

Apr 1

MRSP 3.0: Published

Hello Ben-san, Thank you for your quick and courteous reply. We will prepare a report on how to post

unread,

MRSP 3.0: Published

Hello Ben-san, Thank you for your quick and courteous reply. We will prepare a report on how to post

Apr 1

Arabella Barks, … Aaron Gable14

Mar 25

Discussions on mechanism to enhance the Use of Digital Certificate Private Keys Similar to PwnedKeys

Possession of a CSR is not proof of compromise. For a quick demonstration, here are 45k CSRs which I

unread,

Discussions on mechanism to enhance the Use of Digital Certificate Private Keys Similar to PwnedKeys

Possession of a CSR is not proof of compromise. For a quick demonstration, here are 45k CSRs which I

Mar 25

Mar 12

Mozilla Security Blog Post on MRSP v. 3.0

All, Here is a recent blog post with MRSP v.3.0 as the main subject. https://blog.mozilla.org/

unread,

Mozilla Security Blog Post on MRSP v. 3.0

All, Here is a recent blog post with MRSP v.3.0 as the main subject. https://blog.mozilla.org/

Mar 12

Mar 11

Mass Revocation Planning Guidance

All, To assist CA operators in complying with MRSP section 6.1.3, I have started a wiki page to

unread,

Mass Revocation Planning Guidance

All, To assist CA operators in complying with MRSP section 6.1.3, I have started a wiki page to

Mar 11

Feb 20

Results of the Mozilla February 2025 CA Communication and Survey

All, Here are the responses to the Mozilla February 2025 CA Communication and Survey. The responses

unread,

Results of the Mozilla February 2025 CA Communication and Survey

All, Here are the responses to the Mozilla February 2025 CA Communication and Survey. The responses

Feb 20

Ben Wilson, … Jeremy Rowley7

Feb 19

MRSP 3.0: Survey Results and Status Update

All, I have renamed the previously-mentioned branch to Final Updates 3.0 (https://github.com/mozilla/

unread,

MRSP 3.0: Survey Results and Status Update

All, I have renamed the previously-mentioned branch to Final Updates 3.0 (https://github.com/mozilla/

Feb 19

Feb 18

Mass Revocation Incident Preparation and Testing Plan

Here is a non-normative template based on requests from CAs for guidance on the upcoming MRSP section

unread,

Mass Revocation Incident Preparation and Testing Plan

Here is a non-normative template based on requests from CAs for guidance on the upcoming MRSP section

Feb 18

Hanno Böck, … Pierre Barre17

Feb 16

Concerns about very-short-lived certificates

Subject: Professionalism and Constructive Discussion Matt, Your response crosses the line from

unread,

Concerns about very-short-lived certificates

Subject: Professionalism and Constructive Discussion Matt, Your response crosses the line from

Feb 16

Amir Omidi (aaomidi), … Entschew, Enrico4

Feb 12

d-trust data protection incident

Hi Hanno, I have inserted my answers further down in the text --> <-- and hope to contribute to

unread,

d-trust data protection incident

Hi Hanno, I have inserted my answers further down in the text --> <-- and hope to contribute to

Feb 12

Ben Wilson, … Tim Callan13

Feb 11

Proposal to Close Delayed Revocation Incidents

Here are the results of my triage: CA Bugzilla Status HARICA https://bugzilla.mozilla.org/show_bug.

unread,

Proposal to Close Delayed Revocation Incidents

Here are the results of my triage: CA Bugzilla Status HARICA https://bugzilla.mozilla.org/show_bug.

Feb 11

Jeremy Rowley, … Rob Stradling24

Feb 7

Sectigo acquires Entrust business

> The fact that Linux distributions and other software like Alpine and curl are "copying

unread,

Sectigo acquires Entrust business

> The fact that Linux distributions and other software like Alpine and curl are "copying

Feb 7

Feb 7

Root Program Guidance/Issue Classfication

On Fri, Feb 7, 2025 at 8:41 AM Mike Shaver <mike....@gmail.com> wrote https://groups.google.

unread,

Root Program Guidance/Issue Classfication

On Fri, Feb 7, 2025 at 8:41 AM Mike Shaver <mike....@gmail.com> wrote https://groups.google.

Feb 7

Dana Keeler, … Jeremy Rowley9

Feb 4

Certificate Transparency is now enforced in Firefox on desktop platforms starting with version 135

Personally, I don't think I fundamentally disagree with anything in that blog post. Much of the

unread,

Certificate Transparency is now enforced in Firefox on desktop platforms starting with version 135

Personally, I don't think I fundamentally disagree with anything in that blog post. Much of the

Feb 4

Ben Wilson, … Rob Stradling49

Feb 3

MRSP 3.0: Issue #276: Delayed Revocation

All, I have edited proposed section 6.1.3 of the MRSP to add/allow "annual plan testing through

unread,

MRSP 3.0: Issue #276: Delayed Revocation

All, I have edited proposed section 6.1.3 of the MRSP to add/allow "annual plan testing through

Feb 3

Jan 30

Legal transfer of ownership and MDSP

I've been looking at Section 8.1 of the Mozilla CA policy, and I think you could easily game the

unread,

Legal transfer of ownership and MDSP

I've been looking at Section 8.1 of the Mozilla CA policy, and I think you could easily game the

Jan 30

Jan 27

MRSP 3.0: Request for Feedback: Draft CA Communication and Survey

Greetings All, I am finalizing a mass email communication and survey to be sent to CA operators that

unread,

MRSP 3.0: Request for Feedback: Draft CA Communication and Survey

Greetings All, I am finalizing a mass email communication and survey to be sent to CA operators that

Jan 27

Jan 24

Fortinet incident

Hi, As many will likely have heard, there has been a leak of fortinet configuration files posted to

unread,

Fortinet incident

Hi, As many will likely have heard, there has been a leak of fortinet configuration files posted to

Jan 24

Jan 24

Certificate problem reporting undermined by Microsoft spam filters

Hi, I have recently reported a number of certificates with compromised private keys to CAs due to the

unread,

Certificate problem reporting undermined by Microsoft spam filters

Hi, I have recently reported a number of certificates with compromised private keys to CAs due to the

Jan 24

Jan 22

MRSP 3.0: Issue #s 270 and 271: Incident Reporting

All, I am proposing that we reduce the language in MRSP section 2.4 (Incidents) even more, and rely

unread,

MRSP 3.0: Issue #s 270 and 271: Incident Reporting

All, I am proposing that we reduce the language in MRSP section 2.4 (Incidents) even more, and rely

Jan 22

Ben Wilson, … Doug Beattie12

Jan 16

MRSP 3.0: Issue #279: TLS-specific and S/MIME-specific Root CAs

Hi Doug, I can make changes in section 7.5 to explicitly exempt OCSP Signing Certificates by adding

unread,

MRSP 3.0: Issue #279: TLS-specific and S/MIME-specific Root CAs

Hi Doug, I can make changes in section 7.5 to explicitly exempt OCSP Signing Certificates by adding

Jan 16

Jan 14

Approval of SECOM Request for Cybertrust Japan SureMail CA G5

All, Public discussion of the SECOM request regarding issuance of a CA certificate for the Cybertrust

unread,

Approval of SECOM Request for Cybertrust Japan SureMail CA G5

All, Public discussion of the SECOM request regarding issuance of a CA certificate for the Cybertrust

Jan 14

Mike Benza, … Jeffrey Walton4

Jan 10

GLOBALTRUST 2020's reinclusion in Mozilla's trusted certificates

On Friday, January 10, 2025 at 12:13:51 PM UTC-5 Andrew Ayer wrote: Hi Mike, GLOBALTRUST was never

unread,

GLOBALTRUST 2020's reinclusion in Mozilla's trusted certificates

On Friday, January 10, 2025 at 12:13:51 PM UTC-5 Andrew Ayer wrote: Hi Mike, GLOBALTRUST was never

Jan 10

Ben Wilson, … Rob Stradling8

Jan 9

MRSP 3.0: Issue #283: Automation of certificate issuance and renewal

Hi Adriano, If needed, we can clarify the language to communicate better our expectation that renewal

unread,

MRSP 3.0: Issue #283: Automation of certificate issuance and renewal

Hi Adriano, If needed, we can clarify the language to communicate better our expectation that renewal

Jan 9

12/18/24

Timing of Public Discussion of S/MIME External Sub CA

All, I intend to start public discussion of this matter using the CCADB Public list (https://groups.

unread,

Timing of Public Discussion of S/MIME External Sub CA

All, I intend to start public discussion of this matter using the CCADB Public list (https://groups.

12/18/24

Ben Wilson, Roman Fischer3

12/11/24

MRSP 3.0: Issue #275: CA Key Protection

Thanks, Roman, for your questions. With respect to CA key protection, gaps in audit reports raise a

unread,

MRSP 3.0: Issue #275: CA Key Protection

Thanks, Roman, for your questions. With respect to CA key protection, gaps in audit reports raise a

12/11/24

12/3/24

Approval of D-Trust's 2023 Root CAs

Greetings, Public discussion regarding inclusion of the following D-Trust root CA certificates

unread,

Approval of D-Trust's 2023 Root CAs

Greetings, Public discussion regarding inclusion of the following D-Trust root CA certificates

12/3/24

Ben Wilson, … Dimitris Zacharopoulos3

11/27/24

MRSP 3.0: Issue #263: Clarify sentence prohibiting blank sections that also contain no Subsections in CPs and CPSes

Ben, Could you please propose this exact language to the CABF SCWG in response to the failed SC-74?

unread,

MRSP 3.0: Issue #263: Clarify sentence prohibiting blank sections that also contain no Subsections in CPs and CPSes

Ben, Could you please propose this exact language to the CABF SCWG in response to the failed SC-74?

11/27/24

Hanno Böck, … Mike Shaver3

11/26/24

Certificate with compromised key / *.digicert-demo.com

Possibly of interest in blocking keys is Matt Palmer's great work in this space: https://

unread,

Certificate with compromised key / *.digicert-demo.com

Possibly of interest in blocking keys is Matt Palmer's great work in this space: https://

11/26/24

Search

Clear search

Close search

Google apps

Main menu