dev-security-policy@mozilla.org

1–30 of 193

Welcome to the dev-security-policy group in which we discuss security-related policies, governance, and related topics; including discussion of Mozilla’s Root Store Policy and the NSS root certificate store.

Mailing List: dev-security-policy@mozilla.org
Web: https://groups.google.com/a/mozilla.org/g/dev-security-policy
Subscribe by using the button "Ask to join group" and complete the box "Reason for joining". Membership requests must provide context for your interest in joining the group. Requests without this information will be rejected.
Participation Guidelines: https://www.mozilla.org/about/governance/policies/participation/
Participants: https://wiki.mozilla.org/CA/Policy_Participants
Unsubscribe by sending email to: dev-security-policy+unsubscribe@mozilla.org
Previous archives (2009-2021): https://groups.google.com/g/mozilla.dev.security.policy
RSS feed: https://www.mail-archive.com/dev-security-policy@mozilla.org/maillist.xml

0 selected

Ben Wilson, … Kathleen Wilson30

Mar 16

Public Discussion re: Beijing CA (BJCA)

Thank you, Mark, for providing a great write-up to explain the situation more clearly! And thank you

unread,

Public Discussion re: Beijing CA (BJCA)

Thank you, Mark, for providing a great write-up to explain the situation more clearly! And thank you

Mar 16

Kathleen Wilson, … Moudrick M. Dadashov47

Mar 15

DRAFT: Root Inclusion Considerations

Not only "business nexus to a country..." but also to CA's problematic shareholders.

unread,

DRAFT: Root Inclusion Considerations

Not only "business nexus to a country..." but also to CA's problematic shareholders.

Mar 15

Ian Carroll, … Ryan Hurst16

Feb 28

Security concerns with the e-Tugra certificate authority

Kathleen, Thanks for the update it is appreciated. Ryan On Tue, Feb 28, 2023 at 10:59 AM Kathleen

unread,

Security concerns with the e-Tugra certificate authority

Kathleen, Thanks for the update it is appreciated. Ryan On Tue, Feb 28, 2023 at 10:59 AM Kathleen

Feb 28

Kathleen Wilson20

Feb 21

Audit Reminder Email Summary - Intermediate Certificates

-------- Forwarded Message -------- Subject: Summary of February 2023 Outdated Audit Statements for

unread,

Audit Reminder Email Summary - Intermediate Certificates

-------- Forwarded Message -------- Subject: Summary of February 2023 Outdated Audit Statements for

Feb 21

Kathleen Wilson, … Matthias van de Meent27

Feb 21

Audit Reminder Email Summary - Root Certificates

-------- Forwarded Message -------- Subject: Summary of February 2023 Audit Reminder Emails Date: Tue

unread,

Audit Reminder Email Summary - Root Certificates

-------- Forwarded Message -------- Subject: Summary of February 2023 Audit Reminder Emails Date: Tue

Feb 21

Ben Wilson, Kurt Seifried5

Feb 6

CA Communication re: Mozilla Root Store Policy (MRSP) Version 2.8.1

The "P1-P5" in Bugzilla shows the current prioritization. The dashboard is located here -

unread,

CA Communication re: Mozilla Root Store Policy (MRSP) Version 2.8.1

The "P1-P5" in Bugzilla shows the current prioritization. The dashboard is located here -

Feb 6

Ben Wilson, … Aaron Gable5

Jan 30

MRSP Policy v. 2.8.1 Finalization

Hi Ben, No objection to a Feb 15th date from me, everything here looks good. Aaron On Tue, Jan 24,

unread,

MRSP Policy v. 2.8.1 Finalization

Hi Ben, No objection to a Feb 15th date from me, everything here looks good. Aaron On Tue, Jan 24,

Jan 30

Ben Wilson, … Roman Fischer29

Jan 25

Proposed Updates to MRSP to Address Root CA Life Cycles

All, I've posted this draft section 7.4 to the Mozilla wiki - https://wiki.mozilla.org/CA/

unread,

Proposed Updates to MRSP to Address Root CA Life Cycles

All, I've posted this draft section 7.4 to the Mozilla wiki - https://wiki.mozilla.org/CA/

Jan 25

Kathleen Wilson, … Jeffrey Walton5

Jan 23

spammers on MDSP

On Mon, Jan 23, 2023 at 12:33 PM Ben Wilson <bwi...@mozilla.com> wrote: > >

unread,

spammers on MDSP

On Mon, Jan 23, 2023 at 12:33 PM Ben Wilson <bwi...@mozilla.com> wrote: > >

Jan 23

Ben Wilson, … Clint Wilson14

Jan 23

Policy 2.8.1: MRSP Issue #256: Requirement that Partitioned CRLs include an Issuing Distribution Point extension

Hi Dimitris, The current expectation is described in the Apple Policy: Effective October 1, 2022, CA

unread,

Policy 2.8.1: MRSP Issue #256: Requirement that Partitioned CRLs include an Issuing Distribution Point extension

Hi Dimitris, The current expectation is described in the Apple Policy: Effective October 1, 2022, CA

Jan 23

Hanno Böck, … wael wael7

Jan 13

key with suspicious pattern

في الخميس، 15 ديسمبر 2022 في تمام الساعة 11:37:27 م UTC+2، كتب Stephan Verbücheln رسالة نصها: You can

unread,

key with suspicious pattern

في الخميس، 15 ديسمبر 2022 في تمام الساعة 11:37:27 م UTC+2، كتب Stephan Verbücheln رسالة نصها: You can

Jan 13

Prof. Reardon, … Rachel McPherson38

12/23/22

concerns about Trustcor

Serge, You guys found an (easily-explained) domain name, and then basically assumed the rest, and

unread,

concerns about Trustcor

Serge, You guys found an (easily-explained) domain name, and then basically assumed the rest, and

12/23/22

Ben Wilson, Kurt Seifried5

12/22/22

Root Inclusion Completeness Checks

Currently, I am very busy working on the CCADB updates. Maybe I can provide something in January.

unread,

Root Inclusion Completeness Checks

Currently, I am very busy working on the CCADB updates. Maybe I can provide something in January.

12/22/22

Ben Wilson, … John Han (hanyuwei70)4

12/16/22

Public Discussion of BJCA's CA inclusion request

Quickly reviewed their site, they are focused in digital signature, key management and crypto

unread,

Public Discussion of BJCA's CA inclusion request

Quickly reviewed their site, they are focused in digital signature, key management and crypto

12/16/22

Ben Wilson, Kurt Seifried4

12/10/22

Discussion of SERPRO Inclusion Request on CCADB Public

I think the problem is that I look at statements like: The person conducting initial information

unread,

Discussion of SERPRO Inclusion Request on CCADB Public

I think the problem is that I look at statements like: The person conducting initial information

12/10/22

Ben Wilson, Corey Bonnell2

12/8/22

Policy 2.8.1: MRSP Issue #251: Full CRL Publication Requirements

Hi Ben, I believe the proposed language would allow a CA to issue a certificate but not disclose any

unread,

Policy 2.8.1: MRSP Issue #251: Full CRL Publication Requirements

Hi Ben, I believe the proposed language would allow a CA to issue a certificate but not disclose any

12/8/22

Prof. Reardon, … Kurt Seifried7

12/8/22

concerns about Princeton Audit Group's auditing status

Hello: I have gotten information back from WebTrust. A company that is no longer listed means that

unread,

concerns about Princeton Audit Group's auditing status

Hello: I have gotten information back from WebTrust. A company that is no longer listed means that

12/8/22

Ben Wilson, Corey Bonnell2

12/7/22

Policy 2.8.1: MRSP Issue #253: CAs MUST specify BR 3.2.2.4 Methods

The proposed change to a MUST is a good one, as I understand that disclosing the BR method numbers of

unread,

Policy 2.8.1: MRSP Issue #253: CAs MUST specify BR 3.2.2.4 Methods

The proposed change to a MUST is a good one, as I understand that disclosing the BR method numbers of

12/7/22

12/6/22

Wiki Dashboards Down

All, The dashboards are up and running again. Thanks, Ben On Tue, Dec 6, 2022 at 2:21 PM Ben Wilson

unread,

Wiki Dashboards Down

All, The dashboards are up and running again. Thanks, Ben On Tue, Dec 6, 2022 at 2:21 PM Ben Wilson

12/6/22

Antonios Chariton, … passerby1845

12/2/22

CAA Records for IP Certificates

if they didn't open RDNS clients wouldn't allowed to override it: although I would say

unread,

CAA Records for IP Certificates

if they didn't open RDNS clients wouldn't allowed to override it: although I would say

12/2/22

11/28/22

Changes to the Mozilla CA Inclusion Dashboard

All, I have posted a question to the CCADB Public List regarding changes to the Mozilla certificate

unread,

Changes to the Mozilla CA Inclusion Dashboard

All, I have posted a question to the CCADB Public List regarding changes to the Mozilla certificate

11/28/22

Ben Wilson, … Melis ŞİMŞEK5

11/28/22

KamuSM request to Expand to .tr ccTLD

All, I am closing the public discussion phase regarding this request. I will be recommending approval

unread,

KamuSM request to Expand to .tr ccTLD

All, I am closing the public discussion phase regarding this request. I will be recommending approval

11/28/22

Ben Wilson, Aaron Poulsen5

11/22/22

Policy 2.8.1: Candidate Issues to Address in MRSP v. 2.8.1

All, I might try to get these in place before the end of 2022, but I think it's unlikely. While

unread,

Policy 2.8.1: Candidate Issues to Address in MRSP v. 2.8.1

All, I might try to get these in place before the end of 2022, but I think it's unlikely. While

11/22/22

11/21/22

New whiteboard tags for incidents reported on Bugzilla

All, Also, to keep the discussion clean and simple, just post your suggestions and recommendations to

unread,

New whiteboard tags for incidents reported on Bugzilla

All, Also, to keep the discussion clean and simple, just post your suggestions and recommendations to

11/21/22

Ben Wilson, … Matthias van de Meent7

11/18/22

Policy 2.8.1: MRSP Issue #249: Clarification re: all CPs and CPSes

Hi Matthias, Thanks for the clarification. So, I think the goal is (and the language might have to be

unread,

Policy 2.8.1: MRSP Issue #249: Clarification re: all CPs and CPSes

Hi Matthias, Thanks for the clarification. So, I think the goal is (and the language might have to be

11/18/22

Ben Wilson, … Ryan Dickson10

11/17/22

Policy 2.8.1: MRSP Issue #243: Update periods for CPs and CPSes

Hi Rufus, A CA's CP represents commitments by its owners regarding minimum expectations related

unread,

Policy 2.8.1: MRSP Issue #243: Update periods for CPs and CPSes

Hi Rufus, A CA's CP represents commitments by its owners regarding minimum expectations related

11/17/22

11/15/22

Policy 2.8.1: MRSP Issue #257: Requiring CAs to follow Discussions on the CCADB Public List

All, This discussion thread relates to Issue #257 in the Mozilla PKI Policy repository on GitHub. The

unread,

Policy 2.8.1: MRSP Issue #257: Requiring CAs to follow Discussions on the CCADB Public List

All, This discussion thread relates to Issue #257 in the Mozilla PKI Policy repository on GitHub. The

11/15/22

Kathleen Wilson, … Rob Stradling6

11/14/22

Creating 'CA Program' Bugzilla Product

These changes have been completed, and the existing bugs for the following components have been

unread,

Creating 'CA Program' Bugzilla Product

These changes have been completed, and the existing bugs for the following components have been

11/14/22

Kathleen Wilson2

11/14/22

CCADB Update: Changing Audit Reminder Email Templates and Logic

These changes are in CCADB production, and the first audit reminders based on the new template/logic

unread,

CCADB Update: Changing Audit Reminder Email Templates and Logic

These changes are in CCADB production, and the first audit reminders based on the new template/logic

11/14/22

11/10/22

Updates for CCADB Public Discussion Process

All, I have edited some of the Mozilla wiki pages to clarify that public discussion of certificate

unread,

Updates for CCADB Public Discussion Process

All, I have edited some of the Mozilla wiki pages to clarify that public discussion of certificate

11/10/22

Search

Clear search

Close search

Google apps

Main menu