dev-security-policy@mozilla.org

1–30 of 181

Welcome to the dev-security-policy group in which we discuss security-related policies, governance, and related topics; including discussion of Mozilla’s Root Store Policy and the NSS root certificate store.

Mailing List: dev-security-policy@mozilla.org
Web: https://groups.google.com/a/mozilla.org/g/dev-security-policy
Subscribe by sending email to: dev-security-policy+subscribe@mozilla.org
Unsubscribe by sending email to: dev-security-policy+unsubscribe@mozilla.org
Previous archives: https://groups.google.com/g/mozilla.dev.security.policy
RSS feed: https://www.mail-archive.com/dev-security-policy@mozilla.org/maillist.xml

0 selected

Prof. Reardon, … Kurt Seifried18

Nov 26

concerns about Trustcor

I'm not sure how to say this but: I'm not seeing any real answers. I'm reminded of the TV

unread,

concerns about Trustcor

I'm not sure how to say this but: I'm not seeing any real answers. I'm reminded of the TV

Nov 26

Ian Carroll, … Kurt Seifried11

Nov 26

Security concerns with the e-Tugra certificate authority

E-Tugra posted a decent reply to the incident report at https://bugzilla.mozilla.org/show_bug.cgi?id=

unread,

Security concerns with the e-Tugra certificate authority

E-Tugra posted a decent reply to the incident report at https://bugzilla.mozilla.org/show_bug.cgi?id=

Nov 26

Ben Wilson, Aaron Poulsen5

Nov 22

Policy 2.8.1: Candidate Issues to Address in MRSP v. 2.8.1

All, I might try to get these in place before the end of 2022, but I think it's unlikely. While

unread,

Policy 2.8.1: Candidate Issues to Address in MRSP v. 2.8.1

All, I might try to get these in place before the end of 2022, but I think it's unlikely. While

Nov 22

Ben Wilson, … Corey Bonnell5

Nov 22

Policy 2.8.1: MRSP Issue #256: Requirement that Partitioned CRLs include an Issuing Distribution Point extension

Hi Aaron, I prefer explicitly stating that something is allowed, because we have seen previously that

unread,

Policy 2.8.1: MRSP Issue #256: Requirement that Partitioned CRLs include an Issuing Distribution Point extension

Hi Aaron, I prefer explicitly stating that something is allowed, because we have seen previously that

Nov 22

Nov 21

New whiteboard tags for incidents reported on Bugzilla

All, Also, to keep the discussion clean and simple, just post your suggestions and recommendations to

unread,

New whiteboard tags for incidents reported on Bugzilla

All, Also, to keep the discussion clean and simple, just post your suggestions and recommendations to

Nov 21

Ben Wilson, Kurt Seifried2

Nov 21

Discussion of SERPRO Inclusion Request on CCADB Public

Question: Are there any guidelines for bringing up concerns or structuring arguments/evidence both in

unread,

Discussion of SERPRO Inclusion Request on CCADB Public

Question: Are there any guidelines for bringing up concerns or structuring arguments/evidence both in

Nov 21

Ben Wilson, … Matthias van de Meent7

Nov 18

Policy 2.8.1: MRSP Issue #249: Clarification re: all CPs and CPSes

Hi Matthias, Thanks for the clarification. So, I think the goal is (and the language might have to be

unread,

Policy 2.8.1: MRSP Issue #249: Clarification re: all CPs and CPSes

Hi Matthias, Thanks for the clarification. So, I think the goal is (and the language might have to be

Nov 18

Ben Wilson, … Ryan Dickson10

Nov 17

Policy 2.8.1: MRSP Issue #243: Update periods for CPs and CPSes

Hi Rufus, A CA's CP represents commitments by its owners regarding minimum expectations related

unread,

Policy 2.8.1: MRSP Issue #243: Update periods for CPs and CPSes

Hi Rufus, A CA's CP represents commitments by its owners regarding minimum expectations related

Nov 17

Kathleen Wilson18

Nov 15

Audit Reminder Email Summary - Intermediate Certificates

All, The CCADB is now sending one email per month to CAs who need to provide updated audit statements

unread,

Audit Reminder Email Summary - Intermediate Certificates

All, The CCADB is now sending one email per month to CAs who need to provide updated audit statements

Nov 15

Kathleen Wilson, … Matthias van de Meent24

Nov 15

Audit Reminder Email Summary - Root Certificates

All, The CCADB is now sending one email per month to CAs who need to provide updated audit statements

unread,

Audit Reminder Email Summary - Root Certificates

All, The CCADB is now sending one email per month to CAs who need to provide updated audit statements

Nov 15

Nov 15

Policy 2.8.1: MRSP Issue #253: CAs MUST specify BR 3.2.2.4 Methods

All, The purpose of this thread is to discuss any concerns or suggestions regarding a sentence in

unread,

Policy 2.8.1: MRSP Issue #253: CAs MUST specify BR 3.2.2.4 Methods

All, The purpose of this thread is to discuss any concerns or suggestions regarding a sentence in

Nov 15

Nov 15

Policy 2.8.1: MRSP Issue #257: Requiring CAs to follow Discussions on the CCADB Public List

All, This discussion thread relates to Issue #257 in the Mozilla PKI Policy repository on GitHub. The

unread,

Policy 2.8.1: MRSP Issue #257: Requiring CAs to follow Discussions on the CCADB Public List

All, This discussion thread relates to Issue #257 in the Mozilla PKI Policy repository on GitHub. The

Nov 15

Kathleen Wilson, … Rob Stradling6

Nov 14

Creating 'CA Program' Bugzilla Product

These changes have been completed, and the existing bugs for the following components have been

unread,

Creating 'CA Program' Bugzilla Product

These changes have been completed, and the existing bugs for the following components have been

Nov 14

Kathleen Wilson2

Nov 14

CCADB Update: Changing Audit Reminder Email Templates and Logic

These changes are in CCADB production, and the first audit reminders based on the new template/logic

unread,

CCADB Update: Changing Audit Reminder Email Templates and Logic

These changes are in CCADB production, and the first audit reminders based on the new template/logic

Nov 14

Nov 11

Policy 2.8.1: MRSP Issue #251: Full CRL Publication Requirements

The current subject line for GitHub Mozilla PKI Policy Issue #251 is "Edit MRSP 4.1 to clarify

unread,

Policy 2.8.1: MRSP Issue #251: Full CRL Publication Requirements

The current subject line for GitHub Mozilla PKI Policy Issue #251 is "Edit MRSP 4.1 to clarify

Nov 11

Nov 10

Updates for CCADB Public Discussion Process

All, I have edited some of the Mozilla wiki pages to clarify that public discussion of certificate

unread,

Updates for CCADB Public Discussion Process

All, I have edited some of the Mozilla wiki pages to clarify that public discussion of certificate

Nov 10

Tim Callan, Tim Callan2

Nov 10

Apocryphal root program requirements

The CCADB Steering Committee has opened a new forum for public trust matters that affect Certificate

unread,

Apocryphal root program requirements

The CCADB Steering Committee has opened a new forum for public trust matters that affect Certificate

Nov 10

Kathleen Wilson2

Nov 9

Announcing CCADB Public Group

All Primary POCs currently listed in the CCADB have been subscribed to the CCADB Public Group, and

unread,

Announcing CCADB Public Group

All Primary POCs currently listed in the CCADB have been subscribed to the CCADB Public Group, and

Nov 9

Rachel McPherson

Nov 8

False Claims and Media

To the Root Certificate Program, the CA/B Forum community and the public at large, TrustCor entered

unread,

False Claims and Media

To the Root Certificate Program, the CA/B Forum community and the public at large, TrustCor entered

Nov 8

Ben Wilson, … Melis ŞİMŞEK4

Nov 3

KamuSM request to Expand to .tr ccTLD

Hi All, Kamu SM was established to meet the electronic certificate needs of all public institutions

unread,

KamuSM request to Expand to .tr ccTLD

Hi All, Kamu SM was established to meet the electronic certificate needs of all public institutions

Nov 3

Hanno Böck, … Matthias van de Meent4

Nov 3

Certificate vulnerable to fermat factorization

On Wed, Nov 2, 2022 at 4:00 PM Chris Kemmerer <cskemmerer@gmail.com> wrote: > > We thank

unread,

Certificate vulnerable to fermat factorization

On Wed, Nov 2, 2022 at 4:00 PM Chris Kemmerer <cskemmerer@gmail.com> wrote: > > We thank

Nov 3

Ben Wilson, … Martijn Katerbarg3

Nov 2

Clarifications for MRSP v.2.8 Effective Dates

Ben, I'm glad this subject is being brought up, and I think this item needs to be broader than

unread,

Clarifications for MRSP v.2.8 Effective Dates

Ben, I'm glad this subject is being brought up, and I think this item needs to be broader than

Nov 2

Michel Le Bihan, … Henry Birge-Lee18

Oct 24

Protection against BGP hijacking

Hi Michel, You are correct that it is possible for an attack to propagate to the vast majority of the

unread,

Protection against BGP hijacking

Hi Michel, You are correct that it is possible for an attack to propagate to the vast majority of the

Oct 24

Hanno Böck, … Rob Stradling8

Oct 24

Certificate with Debian OpenSSL bug issued

> Ok, I wasn't aware up until now that crt.sh has data from pure test logs. crt.sh doesn't

unread,

Certificate with Debian OpenSSL bug issued

> Ok, I wasn't aware up until now that crt.sh has data from pure test logs. crt.sh doesn't

Oct 24

Ben Wilson, … Roman Fischer28

Oct 21

Proposed Updates to MRSP to Address Root CA Life Cycles

Hi Ben, Yes, this is also for SwissSign a very good suggestion! Thanks Roman From: Jeremy Rowley <

unread,

Proposed Updates to MRSP to Address Root CA Life Cycles

Hi Ben, Yes, this is also for SwissSign a very good suggestion! Thanks Roman From: Jeremy Rowley <

Oct 21

Ben Wilson, Matthias van de Meent3

Oct 14

MRSP § 3.3 Clarification re: public archiving of CPs and CPSes

On Fri, Oct 14, 2022 at 8:40 PM Ben Wilson <bwilson@mozilla.com> wrote: > All, > I'm

unread,

MRSP § 3.3 Clarification re: public archiving of CPs and CPSes

On Fri, Oct 14, 2022 at 8:40 PM Ben Wilson <bwilson@mozilla.com> wrote: > All, > I'm

Oct 14

Corey Bonnell, … Aaron Gable29

Oct 14

CRL partitioning and IDPs

Interested parties can follow the discussion regarding the errata here: https://mailarchive.ietf.org/

unread,

CRL partitioning and IDPs

Interested parties can follow the discussion regarding the errata here: https://mailarchive.ietf.org/

Oct 14

Rob Stradling, … Kathleen Wilson5

Oct 12

Add another field to AllCertificateRecordsCSVFormat

I believe at least part of the problem Andrew mentions is because of Salesforce or some intermediary

unread,

Add another field to AllCertificateRecordsCSVFormat

I believe at least part of the problem Andrew mentions is because of Salesforce or some intermediary

Oct 12

Oct 10

WebTrust Task Force

To my friends and colleagues of the CABF, I have decided to step back from the WebTrust Task Force so

unread,

WebTrust Task Force

To my friends and colleagues of the CABF, I have decided to step back from the WebTrust Task Force so

Oct 10

Kathleen Wilson

Sep 30

Providing Full CRLs for root certificates in CCADB

All, To provide the "Full CRL Issued By This CA" for root certificate records, you will

unread,

Providing Full CRLs for root certificates in CCADB

All, To provide the "Full CRL Issued By This CA" for root certificate records, you will

Sep 30

Search

Clear search

Close search

Google apps

Main menu