dev-security-policy@mozilla.org
Welcome to the dev-security-policy group in which we discuss security-related policies, governance, and related topics; including discussion of Mozilla’s Root Store Policy and the NSS root certificate store.
Mailing List: dev-security-policy@mozilla.org
Web: https://groups.google.com/a/mozilla.org/g/dev-security-policy
Subscribe by using the button "Ask to join group" and complete the box "Reason for joining".
Membership requests must provide context for your interest in joining the group. Requests without this information will be rejected.
Participation Guidelines: https://www.mozilla.org/about/governance/policies/participation/
Participants: https://wiki.mozilla.org/CA/Policy_Participants
Unsubscribe by sending email to: dev-security-policy+unsubscribe@mozilla.org
Previous archives (2009-2021): https://groups.google.com/g/mozilla.dev.security.policy
RSS feed: https://www.mail-archive.com/dev-security-policy@mozilla.org/maillist.xml
Ben Wilson, … Roman Fischer
7
Jan 4
Improvements to Vulnerability Disclosure wiki page
Thanks, Roman I have added "Email Address / Group Distribution List" as a clarification.
Ben Wilson
Jan 4
Deutsche Telekom Security's Root Inclusion Request
All, Public discussion began on the CCADB Public List on Nov. 1, 2023 (https://groups.google.com/a/
Ben Wilson
2
Jan 2
S/MIME BR Transition Wiki Page
All, I am editing the S/MIME Baseline Requirements transition guidance wiki page (https://wiki.
Kathleen Wilson
30
12/20/23
Audit Reminder Email Summary - Intermediate Certificates
-------- Forwarded Message -------- Subject: Summary of December 2023 Outdated Audit Statements for
Kathleen Wilson, … Matthias van de Meent
37
12/20/23
Audit Reminder Email Summary - Root Certificates
-------- Forwarded Message -------- Subject: Summary of December 2023 Audit Reminder Emails Date: Tue
Ben Wilson
12/19/23
D-Trust Inclusion Request (Email Trust Bit)
All, Public discussion concluded last Friday, Dec. 15, on the CCADB Public List, for D-Trust's
Amir Omidi (aaomidi)
12/18/23
e-commerce monitoring GmbH and at what point does a CA get distrusted
Hi all, I am hoping to get some root program perspectives on this incident: https://bugzilla.mozilla.
Phil Porada, … Dana Keeler
25
12/18/23
Let's Encrypt New Intermediate Certificates
Just a minor nit here, talking about "pinning roots" is a bit of an oxymoron because they
Hanno Böck
12/4/23
Shared wildcard certificate in EV chargers
Hello, I wanted to share an incident with shared certificates and keys on EV charger devices. I
Aaron Gable, … Ryan Hurst
6
12/1/23
CP/CPS intra-document cross-references
Having read more, CP/CPS is in my life, and I cared to admit to it is my opinion that better to not
Ben Wilson
10/18/23
Updated Incident Reporting Requirements
All, The framework for reporting compliance incidents has been updated on the CCADB website. See
Ben Wilson
10/13/23
Intent to Approve Commscope's CA Inclusion Request
All, We recently concluded a 6-week public discussion on the CCADB list of the request for inclusion
Ben Wilson
3
9/27/23
MRSP 2.9: Survey Results - August 2023 CA Communication and Survey
Here are summaries of questions and comments and our responses. Summary of Questions or Concerns
Kathleen Wilson
2
9/21/23
Ownership change for Mozilla CA Certificate Policy module
The module ownership has been updated. https://wiki.mozilla.org/Modules/All#Governance_Sub_Modules
Ben Wilson
9/18/23
Blog Post About Mozilla Root Store Policy Version 2.9
All, Recently, I posted on the Mozilla Security Blog a brief overview of updates to the Mozilla Root
Ben Wilson
2
8/29/23
MRSP 2.9: Draft CA Communication and Survey
All, This August 2023 CA Communication and Survey was sent out to CAs already in our program last
Tim Hollebeek, Aaron Poulsen
2
8/18/23
Mozilla Policy 2.9, section 3.1.4 and CCADB policy section 5.1
I do not feel this point is nitpicky. Externally-referenced documents increase the compliance burden
Ben Wilson, … Christophe Bonjean
8
8/18/23
MRSP 2.9: S/MIME BRs and Audits
All, The language decided upon for item 3 of MRSP section 1.1 (Scope of MRSP for end entity
Ben Wilson
2
8/18/23
MRSP 2.9: Issues 261, 263 and 267, Miscellaneous Clarifications and Corrections
All, I don't believe we received any comments or questions, and the proposed changes have been
Ben Wilson
2
8/18/23
MRSP 2.9: Issue #250: Clarify MRSP 5.3.2 to expressly include revoked CA certificates
All, Here is the currently proposed language for the first paragraph of MRSP section 5.3.2: The
Ben Wilson, Pedro Fuentes
5
8/18/23
MRSP 2.9: Issue #239: Audit Statement Content
All, In response to Tim Hollebeek's recent email on this topic (https://groups.google.com/a/
Ben Wilson
2
8/18/23
MRSP 2.9: Issue #254: Harmonize CRL Reason Codes with CA/B Forum Revocation Reasons
All, Here are those changes as proposed in the previous email on this topic. https://github.com/
Ben Wilson
8/17/23
TrustAsia CA Root Inclusion Request
All, Public discussion concluded yesterday, August 16th, on the CCADB Public List, for
Phil Porada, … Corey Bonnell
10
8/9/23
Unrestricted cross-signed Subordinate CA profile questions
The existence of this end-run around the system is why the current version of the BRs says "
Ben Wilson
2
8/9/23
MRSP 2.9: Final Review of MRSP 2.9
All, Over the past couple of weeks (after my previous email on July 27), I have made additional
Watson Ladd, … Rob Stradling
14
8/3/23
Minimum issuance volume for established CAs?
> Why is this compression scheme likely to take off when there was no interest in pursuing my
Seo Suchan, Corey Bonnell
2
7/31/23
delegated additional domain validation lookup
Hi Seo, A CA must fulfill its obligation to perform domain validation as defined in BR 3.2.2.4 using
Ben Wilson
2
7/28/23
MRSP 2.9: S/MIME BRs Transition Timeline
Greetings again, This has been posted on our CA wiki page of transition instructions related to CA
Ben Wilson, … Pedro Fuentes
14
7/28/23
MRSP 2.9: Issue #123: Annual Compliance Self-Assessment
Hello. OK. I see your point. I was thinking on the end date of the audit report that was uploaded.
Ben Wilson, … Roman Fischer
4
7/27/23
MRSP 2.9: Issues #252 and #266 - Incident Reporting
All, We have created a draft wiki page to explain vulnerability disclosure being proposed for v. 2.9