Groups

dev-security-policy@mozilla.org

1–30 of 353

Welcome to the dev-security-policy group in which we discuss issues concerning the Mozilla Root Program, root store policy development, governance matters, and other PKI topics directly relevant to the Program.

Mailing List: dev-security-policy@mozilla.org
Web: https://groups.google.com/a/mozilla.org/g/dev-security-policy
Participation Guidelines: https://www.mozilla.org/about/governance/policies/participation/
Participants: https://wiki.mozilla.org/CA/Policy_Participants
Unsubscribe by sending email to: dev-security-policy+unsubscribe@mozilla.org
Previous list archives (2009-2021): https://groups.google.com/g/mozilla.dev.security.policy

0 selected

Peter Mate Erdosi

3:09 AM

Question about a Microsoft Root Program reuqirement

Hello, I know that the focus is on the Mozilla requirements here, but I hope somebody can answer my

unread,

Question about a Microsoft Root Program reuqirement

Hello, I know that the focus is on the Mozilla requirements here, but I hope somebody can answer my

3:09 AM

Ben Wilson, … Joe DeBlasio4

Feb 5

Updated Mozilla CT Log Policy

Yes, Mozilla did ask for, and get, Google's permission to use Chrome's lists as the basis for

unread,

Updated Mozilla CT Log Policy

Yes, Mozilla did ask for, and get, Google's permission to use Chrome's lists as the basis for

Feb 5

Feb 2

Removal of 'non-disclosable intermediate certificates' language from Mozilla CA Wiki

All, We have removed the section of this Mozilla CA wiki page that referred to the concept of “non-

unread,

Removal of 'non-disclosable intermediate certificates' language from Mozilla CA Wiki

All, We have removed the section of this Mozilla CA wiki page that referred to the concept of “non-

Feb 2

Feb 2

Public Discussion: Approval of JPRS as an Externally-Operated Subordinate CA under SECOM Root

Greetings, This message begins a three-week public discussion regarding a request by SECOM Trust

unread,

Public Discussion: Approval of JPRS as an Externally-Operated Subordinate CA under SECOM Root

Greetings, This message begins a three-week public discussion regarding a request by SECOM Trust

Feb 2

Dexter Castor Döpping, … Roman Fischer8

Feb 2

HTTP request blocking by CAs for CRL, CPS, AIA caIssuers

I completely agree that CAs remain responsible to provide secure and available certificate status

unread,

HTTP request blocking by CAs for CRL, CPS, AIA caIssuers

I completely agree that CAs remain responsible to provide secure and available certificate status

Feb 2

Jan 29

Question on repurposing PublicCAs to PrivateCAs

Yo! mortals I noticed that DigiCert (after Symantec PKI acquisition) utilized the legacy VeriSign

unread,

Question on repurposing PublicCAs to PrivateCAs

Yo! mortals I noticed that DigiCert (after Symantec PKI acquisition) utilized the legacy VeriSign

Jan 29

Roger M Lambdin, Rollin Yu5

Jan 21

Regarding the LiteSSL Certificate Issuance Authentication Vulnerability

The preliminary incident report has been published on Bugzilla: https://bugzilla.mozilla.org/show_bug

unread,

Regarding the LiteSSL Certificate Issuance Authentication Vulnerability

The preliminary incident report has been published on Bugzilla: https://bugzilla.mozilla.org/show_bug

Jan 21

Jan 18

https://opensource.apple.com/source/security_certificates/ is 404

Hi all, I noticed that on the page https://crt.sh/?caid=980, within the "Trust" table, the

unread,

https://opensource.apple.com/source/security_certificates/ is 404

Hi all, I noticed that on the page https://crt.sh/?caid=980, within the "Trust" table, the

Jan 18

Jan 5

Approval of Microsec's e-Szigno TLS Root CA 2023

All, Public discussion of the Microsec e-Szigno TLS Root CA 2023 root [1] occurred from November 7,

unread,

Approval of Microsec's e-Szigno TLS Root CA 2023

All, Public discussion of the Microsec e-Szigno TLS Root CA 2023 root [1] occurred from November 7,

Jan 5

Andrew Ayer, … Filippo Valsorda8

12/13/25

Ongoing CT Logging Mistakes by CAs

I feel like it would be great if CAs that encoded invalid SCTs could proactively file incident

unread,

Ongoing CT Logging Mistakes by CAs

I feel like it would be great if CAs that encoded invalid SCTs could proactively file incident

12/13/25

12/12/25

Reflections on 2025 and Areas of Focus for 2026

Greetings, As we get to the end of 2025, it's time to reflect on the past year and to think about

unread,

Reflections on 2025 and Areas of Focus for 2026

Greetings, As we get to the end of 2025, it's time to reflect on the past year and to think about

12/12/25

Arabella Barks, … Aaron Gable10

12/3/25

Why didn’t apple trust Wyvern2027h1 and sphinx2027h1 ctlog?

They're not non-compliant, and they don't need to be revoked. This is because, so far,

unread,

Why didn’t apple trust Wyvern2027h1 and sphinx2027h1 ctlog?

They're not non-compliant, and they don't need to be revoked. This is because, so far,

12/3/25

Arabella Barks, … Dimitris Zacharopoulos5

11/26/25

Subject: Confusion/questions regarding SC-088v3

Hi Tobi, On 11/24/2025 1:03 PM, 'Tobias S. Josefowitz' via dev-secur...@mozilla.org

unread,

Subject: Confusion/questions regarding SC-088v3

Hi Tobi, On 11/24/2025 1:03 PM, 'Tobias S. Josefowitz' via dev-secur...@mozilla.org

11/26/25

11/23/25

Updated Value Statement Wiki Guidance

All, Based on a recent review of some of the Value Statements submitted by CA operator applicants, I

unread,

Updated Value Statement Wiki Guidance

All, Based on a recent review of some of the Value Statements submitted by CA operator applicants, I

11/23/25

11/18/25

New CA Wiki Page: Summary of Root Inclusion Process and Evaluation Criteria

All, I have created a summary of the root inclusion process, with pointers to the wiki and other

unread,

New CA Wiki Page: Summary of Root Inclusion Process and Evaluation Criteria

All, I have created a summary of the root inclusion process, with pointers to the wiki and other

11/18/25

Jin Tong, … Henry Birge-Lee4

11/11/25

The impact of MitM attack

Hello Henry, Thank you very much for your patience in clarifying this matter. We appreciate your

unread,

The impact of MitM attack

Hello Henry, Thank you very much for your patience in clarifying this matter. We appreciate your

11/11/25

Dale Newton, … Ronald Crane4

11/10/25

No master password on Android

Please use https://bugzilla.mozilla.org to discuss bugs in, and enhancement requests for, Firefox. On

unread,

No master password on Android

Please use https://bugzilla.mozilla.org to discuss bugs in, and enhancement requests for, Firefox. On

11/10/25

11/5/25

Notification of acquisition of VikingCloud’s Digital Certificate Business

All, SSL.com and VikingCloud are disclosing details for the technical community in this forum,

unread,

Notification of acquisition of VikingCloud’s Digital Certificate Business

All, SSL.com and VikingCloud are disclosing details for the technical community in this forum,

11/5/25

Ben Wilson, … Ronald Crane4

10/27/25

New Lists of Mozilla Root CAs

On 10/27/2025 12:12 PM, 'Jan Schaumann' via dev-secur...@mozilla.org wrote: "

unread,

New Lists of Mozilla Root CAs

On 10/27/2025 12:12 PM, 'Jan Schaumann' via dev-secur...@mozilla.org wrote: "

10/27/25

10/16/25

Thoughts on Advancing ARI Adoption and Its Implementation in ACME Clients

Hello all, This is Arabella. Today, while reviewing various ACME clients, I observed that several

unread,

Thoughts on Advancing ARI Adoption and Its Implementation in ACME Clients

Hello all, This is Arabella. Today, while reviewing various ACME clients, I observed that several

10/16/25

Lambert Evans, … Matt Palmer28

10/14/25

SHECA:TLS certificate key generation online

On Tue, Oct 14, 2025 at 05:19:30AM -0700, Alvin Wang wrote: > Thank you very much for your

unread,

SHECA:TLS certificate key generation online

On Tue, Oct 14, 2025 at 05:19:30AM -0700, Alvin Wang wrote: > Thank you very much for your

10/14/25

10/2/25

Updated Root and Intermediate CA Reports on Mozilla CA Wiki

All, The following wiki pages have been updated with links to a new version of some of the CCADB-

unread,

Updated Root and Intermediate CA Reports on Mozilla CA Wiki

All, The following wiki pages have been updated with links to a new version of some of the CCADB-

10/2/25

9/17/25

Notification of GlobalSign providing reselling services to Chunghwa Telecom

Dear all The purpose of this e-mail is to notify you of GlobalSign's intent to provide reselling

unread,

Notification of GlobalSign providing reselling services to Chunghwa Telecom

Dear all The purpose of this e-mail is to notify you of GlobalSign's intent to provide reselling

9/17/25

9/11/25

Updated Approval Process for Externally Operated Subordinate CAs

All, I have updated the process description for approval of externally operated subordinate CAs (

unread,

Updated Approval Process for Externally Operated Subordinate CAs

All, I have updated the process description for approval of externally operated subordinate CAs (

9/11/25

Youfu Zhang, … Wayne7

9/4/25

Incident Report: Mis-issued Certificates for SAN iPAddress:1.1.1.1 by Fina RDC 2020

A glance through censys with the following query and a report checking parsed.extensions.

unread,

Incident Report: Mis-issued Certificates for SAN iPAddress:1.1.1.1 by Fina RDC 2020

A glance through censys with the following query and a report checking parsed.extensions.

9/4/25

8/22/25

Approval of OISTE Root CA Certificate Request

All, The Mozilla root inclusion process is outlined here: https://wiki.mozilla.org/CA/

unread,

Approval of OISTE Root CA Certificate Request

All, The Mozilla root inclusion process is outlined here: https://wiki.mozilla.org/CA/

8/22/25

Ivan, Ben Wilson4

8/8/25

Inquiry on "Acceptable" CA criteria, after remove of non-discrimination clause

Just realized that I've sent a previous message using a Google Groups web form, and it's most

unread,

Inquiry on "Acceptable" CA criteria, after remove of non-discrimination clause

Just realized that I've sent a previous message using a Google Groups web form, and it's most

8/8/25

7/23/25

Preview of Let's Encrypt's upcoming Root Ceremony

Hi Sándor, Good question! The first interpretation is correct. The authorityKeyIdentifier extension

unread,

Preview of Let's Encrypt's upcoming Root Ceremony

Hi Sándor, Good question! The first interpretation is correct. The authorityKeyIdentifier extension

7/23/25

7/14/25

Fwd: [Smcwg-public] Deprecation of Legacy

Forwarding for additional visibility and notice to SMIME-issuing CAs. ---------- Forwarded message --

unread,

Fwd: [Smcwg-public] Deprecation of Legacy

Forwarding for additional visibility and notice to SMIME-issuing CAs. ---------- Forwarded message --

7/14/25

Hanno Böck, … John Schanck4

6/20/25

Limitations of aggreated CRL revocation checks

Right, Mozilla root store policy [1] requires CAs to disclose their CRLs in CCADB. Mozilla's

unread,

Limitations of aggreated CRL revocation checks

Right, Mozilla root store policy [1] requires CAs to disclose their CRLs in CCADB. Mozilla's

6/20/25

Search

Clear search

Close search

Google apps

Main menu