dev-security-policy@mozilla.org

1–29 of 29

Welcome to the dev-security-policy group in which we discuss security-related policies, governance, and related topics; including discussion of Mozilla’s Root Store Policy and the NSS root certificate store.

Mailing List: dev-security-policy@mozilla.org
Web: https://groups.google.com/a/mozilla.org/g/dev-security-policy
Subscribe by sending email to: dev-security-policy+subscribe@mozilla.org
Unsubscribe by sending email to: dev-security-policy+unsubscribe@mozilla.org
Previous archives: https://groups.google.com/g/mozilla.dev.security.policy

0 selected

Kathleen Wilson, … Santiago Brox4

11:03 AM

CCADB Update: New field JSON Array of Partitioned CRLs

I may agree. But the question arises as to how and how often the information in CCADB should be

unread,

CCADB Update: New field JSON Array of Partitioned CRLs

I may agree. But the question arises as to how and how often the information in CCADB should be

11:03 AM

Ben Wilson, … Syrine Tlili14

10:21 AM

Public Discussion re: Inclusion of the TunTrust Root CA

Hi All : We would like to move forward with our inclusion request in public discussion since April

unread,

Public Discussion re: Inclusion of the TunTrust Root CA

Hi All : We would like to move forward with our inclusion request in public discussion since April

10:21 AM

Ben Wilson, … Ryan Sleevi4

Jun 13

MRSP 6 and CPS 4.9.12 proof of key compromise compliance date

Thanks for your comments, Andrew and Ryan. The survey intended to gauge implementation timeframes for

unread,

MRSP 6 and CPS 4.9.12 proof of key compromise compliance date

Thanks for your comments, Andrew and Ryan. The survey intended to gauge implementation timeframes for

Jun 13

Yuki Yuki, … Ryan Sleevi4

Jun 12

What does it mean by “An executed Subscriber Agreement or Terms of Use”

Hi Yuki, I think others have covered the question of "who is the Subscriber" and "How

unread,

What does it mean by “An executed Subscriber Agreement or Terms of Use”

Hi Yuki, I think others have covered the question of "who is the Subscriber" and "How

Jun 12

Ben Wilson, Andrew Ayer3

Jun 11

Public Discussion of HARICA's Root CA Inclusion Requests

All, I'm going to close the public discussion phase of these inclusion requests later today, and

unread,

Public Discussion of HARICA's Root CA Inclusion Requests

All, I'm going to close the public discussion phase of these inclusion requests later today, and

Jun 11

Aaron Gable, … Ryan Sleevi20

Jun 11

Treating timestamps as instants or intervals

On Thu, Jun 10, 2021 at 10:00 AM Ryan Sleevi <ryan@sleevi.com> wrote: With respect to incident

unread,

Treating timestamps as instants or intervals

On Thu, Jun 10, 2021 at 10:00 AM Ryan Sleevi <ryan@sleevi.com> wrote: With respect to incident

Jun 11

Watson Ladd, Matthias Merkel2

Jun 10

KIR S.A.: 8 bugs at once!

According to https://www.dns.pl/en/whois, these domains do belong to KIR. Of course, the amount of

unread,

KIR S.A.: 8 bugs at once!

According to https://www.dns.pl/en/whois, these domains do belong to KIR. Of course, the amount of

Jun 10

Michel Le Bihan, Ryan Sleevi2

Jun 10

Generalization of CPS to avoid misissuance

On Thu, Jun 10, 2021 at 5:03 AM Michel Le Bihan <michel.lebihan2000@gmail.com> wrote: Both KIR

unread,

Generalization of CPS to avoid misissuance

On Thu, Jun 10, 2021 at 5:03 AM Michel Le Bihan <michel.lebihan2000@gmail.com> wrote: Both KIR

Jun 10

Ben Wilson, … Nick Lamb6

Jun 6

Quantifying the Value of Adding a New CA

On Mon, 10 May 2021 17:13:41 -0600 Ben Wilson <bwilson@mozilla.com> wrote: > All, > >

unread,

Quantifying the Value of Adding a New CA

On Mon, 10 May 2021 17:13:41 -0600 Ben Wilson <bwilson@mozilla.com> wrote: > All, > >

Jun 6

Kathleen Wilson2

Jun 1

Audit Reminder Email Summary - Intermediate Certificates

-------- Forwarded Message -------- Subject: Summary of June 2021 Outdated Audit Statements for

unread,

Audit Reminder Email Summary - Intermediate Certificates

-------- Forwarded Message -------- Subject: Summary of June 2021 Outdated Audit Statements for

Jun 1

May 31

End of an era: Certificate Transparency

As far as I can tell from my records, today, the 1st of June 2021 marks the first day when the Chrome

unread,

End of an era: Certificate Transparency

As far as I can tell from my records, today, the 1st of June 2021 marks the first day when the Chrome

May 31

Sándor dr. Szőke, … Matt Palmer4

May 26

The cryptographic requirements for Code Signing Certificates will change on 2021-06-01.

Matt Palmer a következőt írta (2021. május 26., szerda, 1:52:34 UTC+2): On Tue, May 25, 2021 at 08:06

unread,

The cryptographic requirements for Code Signing Certificates will change on 2021-06-01.

Matt Palmer a következőt írta (2021. május 26., szerda, 1:52:34 UTC+2): On Tue, May 25, 2021 at 08:06

May 26

Michel Le Bihan, … Brian Smith33

May 25

Are U-labels allowed in CN?

'Corey Bonnell' via dev-security-policy@mozilla.org <dev-security-policy@mozilla.org>

unread,

Are U-labels allowed in CN?

'Corey Bonnell' via dev-security-policy@mozilla.org <dev-security-policy@mozilla.org>

May 25

Ben Wilson, … yutian zheng8

May 24

Public Discussion re: Inclusion of the iTrusChina Root CAs

Our R&D team has investigated this issue and found the problem. I published an incident report in

unread,

Public Discussion re: Inclusion of the iTrusChina Root CAs

Our R&D team has investigated this issue and found the problem. I published an incident report in

May 24

Kathleen Wilson, … Ben Wilson4

May 18

Audit Reminder Email Summary - Root Certificates

-------- Forwarded Message -------- Subject: Summary of May 2021 Audit Reminder Emails Date: Tue, 18

unread,

Audit Reminder Email Summary - Root Certificates

-------- Forwarded Message -------- Subject: Summary of May 2021 Audit Reminder Emails Date: Tue, 18

May 18

Matthias van de Meent, … Ryan Sleevi5

May 17

Signing the SHA-1 subjectKeyIdentifier

On Mon, May 17, 2021 at 12:41 PM Kurt Roeckx <kurt@roeckx.be> wrote: On Mon, May 17, 2021 at 02

unread,

Signing the SHA-1 subjectKeyIdentifier

On Mon, May 17, 2021 at 12:41 PM Kurt Roeckx <kurt@roeckx.be> wrote: On Mon, May 17, 2021 at 02

May 17

Ben Wilson, … Wojtek Porczyk3

May 14

CA Survey Responses on Removing Old Roots

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Thu, May 13, 2021 at 07:58:17PM -0400, Ryan Sleevi

unread,

CA Survey Responses on Removing Old Roots

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Thu, May 13, 2021 at 07:58:17PM -0400, Ryan Sleevi

May 14

Michel Le Bihan, … Phillip Hallam-Baker7

May 13

Please explain why CAs MUST NOT generate the key pairs

A major difference in the separation of concerns there is that the ACME tool is open source and

unread,

Please explain why CAs MUST NOT generate the key pairs

A major difference in the separation of concerns there is that the ACME tool is open source and

May 13

Corey Bonnell, … Kathleen Wilson4

May 13

CRL AuthorityKeyIdentifier Allowed Fields

I filed https://github.com/mozilla/pkipolicy/issues/226 to track this for our next policy update. I

unread,

CRL AuthorityKeyIdentifier Allowed Fields

I filed https://github.com/mozilla/pkipolicy/issues/226 to track this for our next policy update. I

May 13

Kathleen Wilson, … Rob Stradling13

May 11

DRAFT blog post: Beware of Applications Misusing Root Stores

> I updated the draft to link to https://github.com/crtsh/root_programs/tree/master/

unread,

DRAFT blog post: Beware of Applications Misusing Root Stores

> I updated the draft to link to https://github.com/crtsh/root_programs/tree/master/

May 11

Ben Wilson, … Ryan Hurst9

May 3

Replacement of GTS' GlobalSign Root CA – R2

Let me start with an apology for the delayed response to this thread. I took some time off in April

unread,

Replacement of GTS' GlobalSign Root CA – R2

Let me start with an apology for the delayed response to this thread. I took some time off in April

May 3

Corey Bonnell, Ryan Sleevi2

May 3

CA policy documents listing now-prohibited domain validation methods

On Mon, May 3, 2021 at 11:52 AM 'Corey Bonnell' via dev-security-policy@mozilla.org <dev-

unread,

CA policy documents listing now-prohibited domain validation methods

On Mon, May 3, 2021 at 11:52 AM 'Corey Bonnell' via dev-security-policy@mozilla.org <dev-

May 3

Kathleen Wilson, dev-secur...@mozilla.org2

May 3

Ignore email titled Sandbox: Welcome to the Common CA Database

Mass email sent via CCADB: ~~ All, Please ignore the email with subject "Sandbox: Welcome to the

unread,

Ignore email titled Sandbox: Welcome to the Common CA Database

Mass email sent via CCADB: ~~ All, Please ignore the email with subject "Sandbox: Welcome to the

May 3

Apr 20

April 2021 CA Communication and Survey

All, Today I sent out the following April 2021 CA Communication and Survey to all CAs in

unread,

April 2021 CA Communication and Survey

All, Today I sent out the following April 2021 CA Communication and Survey to all CAs in

Apr 20

Apr 15

Public Discussion of Asseco's Root Inclusion Request

Hi All, On March 22, 2021, we began the public discussion period [Step 4 of the Mozilla Root Store CA

unread,

Public Discussion of Asseco's Root Inclusion Request

Hi All, On March 22, 2021, we began the public discussion period [Step 4 of the Mozilla Root Store CA

Apr 15

Ben Wilson, … dr. Szőke Sándor17

Apr 14

DRAFT April 2021 CA Communication and Survey

You are right, NSS supports building an application- and customer-specific own root store. The

unread,

DRAFT April 2021 CA Communication and Survey

You are right, NSS supports building an application- and customer-specific own root store. The

Apr 14

Apr 12

Policy 2.7.1: Published

Version 2.7.1 of the Mozilla Root Store Policy is now available at: https://www.mozilla.org/en-US/

unread,

Policy 2.7.1: Published

Version 2.7.1 of the Mozilla Root Store Policy is now available at: https://www.mozilla.org/en-US/

Apr 12

Timothy Geiser, Ryan Sleevi2

Apr 5

Certificates with in-addr.arpa dNSNames

(Resending after a permissions snafu) Hi Timothy, In the CA/B Forum, this is tracked as https://

unread,

Certificates with in-addr.arpa dNSNames

(Resending after a permissions snafu) Hi Timothy, In the CA/B Forum, this is tracked as https://

Apr 5

Kathleen Wilson, Ben Wilson2

Apr 2

WELCOME to dev-security-policy

Thanks, Kathleen. I'm sure we'll all enjoy using this new list. Thanks again, Ben On Thursday

unread,

WELCOME to dev-security-policy

Thanks, Kathleen. I'm sure we'll all enjoy using this new list. Thanks again, Ben On Thursday

Apr 2

Search

Clear search

Close search

Google apps

Main menu