dev-security-policy@mozilla.org

1–19 of 19

Welcome to the dev-security-policy group in which we discuss security-related policies, governance, and related topics; including discussion of Mozilla’s Root Store Policy and the NSS root certificate store.

Mailing List: dev-security-policy@mozilla.org
Web: https://groups.google.com/a/mozilla.org/g/dev-security-policy
Subscribe by sending email to: dev-security-policy+subscribe@mozilla.org
Unsubscribe by sending email to: dev-security-policy+unsubscribe@mozilla.org
Previous archives: https://groups.google.com/g/mozilla.dev.security.policy

0 selected

Michel Le Bihan, … Corey Bonnell3

May 14

Are U-labels allowed in CN?

One of the reasons that Ballot 202 failed was that it proposed prohibiting U-labels from appearing in

unread,

Are U-labels allowed in CN?

One of the reasons that Ballot 202 failed was that it proposed prohibiting U-labels from appearing in

May 14

Ben Wilson, … Wojtek Porczyk3

May 14

CA Survey Responses on Removing Old Roots

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Thu, May 13, 2021 at 07:58:17PM -0400, Ryan Sleevi

unread,

CA Survey Responses on Removing Old Roots

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Thu, May 13, 2021 at 07:58:17PM -0400, Ryan Sleevi

May 14

Michel Le Bihan, … Phillip Hallam-Baker7

May 13

Please explain why CAs MUST NOT generate the key pairs

A major difference in the separation of concerns there is that the ACME tool is open source and

unread,

Please explain why CAs MUST NOT generate the key pairs

A major difference in the separation of concerns there is that the ACME tool is open source and

May 13

Corey Bonnell, … Kathleen Wilson4

May 13

CRL AuthorityKeyIdentifier Allowed Fields

I filed https://github.com/mozilla/pkipolicy/issues/226 to track this for our next policy update. I

unread,

CRL AuthorityKeyIdentifier Allowed Fields

I filed https://github.com/mozilla/pkipolicy/issues/226 to track this for our next policy update. I

May 13

Ben Wilson, Syrine Tlili2

May 11

Quantifying the Value of Adding a New CA

Hi All Thank you Ben for this document, it helps us understand the information you need to get from

unread,

Quantifying the Value of Adding a New CA

Hi All Thank you Ben for this document, it helps us understand the information you need to get from

May 11

Kathleen Wilson, … Rob Stradling13

May 11

DRAFT blog post: Beware of Applications Misusing Root Stores

> I updated the draft to link to https://github.com/crtsh/root_programs/tree/master/

unread,

DRAFT blog post: Beware of Applications Misusing Root Stores

> I updated the draft to link to https://github.com/crtsh/root_programs/tree/master/

May 11

Kathleen Wilson

May 5

Audit Reminder Email Summary - Intermediate Certificates

The CCADB sends email on the first Tuesday of each month to CAs with outdated audit statements in

unread,

Audit Reminder Email Summary - Intermediate Certificates

The CCADB sends email on the first Tuesday of each month to CAs with outdated audit statements in

May 5

Ben Wilson, … Ryan Hurst9

May 3

Replacement of GTS' GlobalSign Root CA – R2

Let me start with an apology for the delayed response to this thread. I took some time off in April

unread,

Replacement of GTS' GlobalSign Root CA – R2

Let me start with an apology for the delayed response to this thread. I took some time off in April

May 3

Corey Bonnell, Ryan Sleevi2

May 3

CA policy documents listing now-prohibited domain validation methods

On Mon, May 3, 2021 at 11:52 AM 'Corey Bonnell' via dev-security-policy@mozilla.org <dev-

unread,

CA policy documents listing now-prohibited domain validation methods

On Mon, May 3, 2021 at 11:52 AM 'Corey Bonnell' via dev-security-policy@mozilla.org <dev-

May 3

Kathleen Wilson, dev-secur...@mozilla.org2

May 3

Ignore email titled Sandbox: Welcome to the Common CA Database

Mass email sent via CCADB: ~~ All, Please ignore the email with subject "Sandbox: Welcome to the

unread,

Ignore email titled Sandbox: Welcome to the Common CA Database

Mass email sent via CCADB: ~~ All, Please ignore the email with subject "Sandbox: Welcome to the

May 3

Kathleen Wilson, … Ben Wilson3

Apr 21

Audit Reminder Email Summary - Root Certificates

Hi Kurt, So far we've been able to clear up two of these. First, we missed a checkbox in the

unread,

Audit Reminder Email Summary - Root Certificates

Hi Kurt, So far we've been able to clear up two of these. First, we missed a checkbox in the

Apr 21

Apr 20

April 2021 CA Communication and Survey

All, Today I sent out the following April 2021 CA Communication and Survey to all CAs in

unread,

April 2021 CA Communication and Survey

All, Today I sent out the following April 2021 CA Communication and Survey to all CAs in

Apr 20

Ben Wilson, … Syrine Tlili13

Apr 20

Public Discussion re: Inclusion of the TunTrust Root CA

All, Kathleen and I discussed iTrusChina's and TunTrust's root inclusion applications this

unread,

Public Discussion re: Inclusion of the TunTrust Root CA

All, Kathleen and I discussed iTrusChina's and TunTrust's root inclusion applications this

Apr 20

Ben Wilson, Ryan Sleevi5

Apr 20

Public Discussion re: Inclusion of the iTrusChina Root CAs

Hi Ryan, Kathleen and I discussed iTrusChina's and TunTrust's root inclusion applications

unread,

Public Discussion re: Inclusion of the iTrusChina Root CAs

Hi Ryan, Kathleen and I discussed iTrusChina's and TunTrust's root inclusion applications

Apr 20

Apr 15

Public Discussion of Asseco's Root Inclusion Request

Hi All, On March 22, 2021, we began the public discussion period [Step 4 of the Mozilla Root Store CA

unread,

Public Discussion of Asseco's Root Inclusion Request

Hi All, On March 22, 2021, we began the public discussion period [Step 4 of the Mozilla Root Store CA

Apr 15

Ben Wilson, … dr. Szőke Sándor17

Apr 14

DRAFT April 2021 CA Communication and Survey

You are right, NSS supports building an application- and customer-specific own root store. The

unread,

DRAFT April 2021 CA Communication and Survey

You are right, NSS supports building an application- and customer-specific own root store. The

Apr 14

Apr 12

Policy 2.7.1: Published

Version 2.7.1 of the Mozilla Root Store Policy is now available at: https://www.mozilla.org/en-US/

unread,

Policy 2.7.1: Published

Version 2.7.1 of the Mozilla Root Store Policy is now available at: https://www.mozilla.org/en-US/

Apr 12

Timothy Geiser, Ryan Sleevi2

Apr 5

Certificates with in-addr.arpa dNSNames

(Resending after a permissions snafu) Hi Timothy, In the CA/B Forum, this is tracked as https://

unread,

Certificates with in-addr.arpa dNSNames

(Resending after a permissions snafu) Hi Timothy, In the CA/B Forum, this is tracked as https://

Apr 5

Kathleen Wilson, Ben Wilson2

Apr 2

WELCOME to dev-security-policy

Thanks, Kathleen. I'm sure we'll all enjoy using this new list. Thanks again, Ben On Thursday

unread,

WELCOME to dev-security-policy

Thanks, Kathleen. I'm sure we'll all enjoy using this new list. Thanks again, Ben On Thursday

Apr 2

Search

Clear search

Close search

Google apps

Main menu