Groups keyboard shortcuts have been updated

Dismiss

See shortcuts

dev-security-policy@mozilla.org

1–30 of 315

Welcome to the dev-security-policy group in which we discuss security-related policies, governance, and related topics; including discussion of Mozilla’s Root Store Policy and the NSS root certificate store.

Mailing List: dev-security-policy@mozilla.org
Web: https://groups.google.com/a/mozilla.org/g/dev-security-policy
Subscribe by using the button "Ask to join group" and complete the box "Reason for joining". Membership requests must provide context for your interest in joining the group. Requests without this information will be rejected.
Participation Guidelines: https://www.mozilla.org/about/governance/policies/participation/
Participants: https://wiki.mozilla.org/CA/Policy_Participants
Unsubscribe by sending email to: dev-security-policy+unsubscribe@mozilla.org
Previous archives (2009-2021): https://groups.google.com/g/mozilla.dev.security.policy
RSS feed: https://www.mail-archive.com/dev-security-policy@mozilla.org/maillist.xml

0 selected

May 12

Draft Agenda for Roundtable Discussion

Here is a draft agenda: Mozilla Root Program Roundtable – Draft Agenda (90 minutes) Welcome and

unread,

Draft Agenda for Roundtable Discussion

Here is a draft agenda: Mozilla Root Program Roundtable – Draft Agenda (90 minutes) Welcome and

May 12

Ben Wilson, … Mike Shaver10

May 12

Mozilla CA Program Roundtable Discussion

All, Listed below are some of the survey results and the top-scoring topics for Friday's

unread,

Mozilla CA Program Roundtable Discussion

All, Listed below are some of the survey results and the top-scoring topics for Friday's

May 12

Rich Salz, Peter Bowen3

May 6

So it looks like I'm not really missing anything. As Peter Bowen pointed out, VikingCloud owns a

unread,

So it looks like I'm not really missing anything. As Peter Bowen pointed out, VikingCloud owns a

May 6

Apr 29

Updated Mass Revocation wiki page

All, I have updated the Mass Revocation Events (MRE) wiki page with a new section that outlines

unread,

Updated Mass Revocation wiki page

All, I have updated the Mass Revocation Events (MRE) wiki page with a new section that outlines

Apr 29

Ben Wilson, … Doug Beattie5

Apr 28

Websites Trust Bit Removal in 2026

Hi Doug, You're right. My mistake. They would be April 15, 2028. Thanks, Ben On Mon, Apr 28, 2025

unread,

Websites Trust Bit Removal in 2026

Hi Doug, You're right. My mistake. They would be April 15, 2028. Thanks, Ben On Mon, Apr 28, 2025

Apr 28

Ben Wilson, … Arabella Barks23

Apr 18

Postponement of Removal of Websites Trust Bit for ePKI Root CA

Greetings, I tested it in Firefox, and the website provided me with a certificate issued by

unread,

Postponement of Removal of Websites Trust Bit for ePKI Root CA

Greetings, I tested it in Firefox, and the website provided me with a certificate issued by

Apr 18

Ben Wilson, … 大野文彰4

Apr 1

MRSP 3.0: Published

Hello Ben-san, Thank you for your quick and courteous reply. We will prepare a report on how to post

unread,

MRSP 3.0: Published

Hello Ben-san, Thank you for your quick and courteous reply. We will prepare a report on how to post

Apr 1

Arabella Barks, … Aaron Gable14

Mar 25

Discussions on mechanism to enhance the Use of Digital Certificate Private Keys Similar to PwnedKeys

Possession of a CSR is not proof of compromise. For a quick demonstration, here are 45k CSRs which I

unread,

Discussions on mechanism to enhance the Use of Digital Certificate Private Keys Similar to PwnedKeys

Possession of a CSR is not proof of compromise. For a quick demonstration, here are 45k CSRs which I

Mar 25

Mar 12

Mozilla Security Blog Post on MRSP v. 3.0

All, Here is a recent blog post with MRSP v.3.0 as the main subject. https://blog.mozilla.org/

unread,

Mozilla Security Blog Post on MRSP v. 3.0

All, Here is a recent blog post with MRSP v.3.0 as the main subject. https://blog.mozilla.org/

Mar 12

Mar 11

Mass Revocation Planning Guidance

All, To assist CA operators in complying with MRSP section 6.1.3, I have started a wiki page to

unread,

Mass Revocation Planning Guidance

All, To assist CA operators in complying with MRSP section 6.1.3, I have started a wiki page to

Mar 11

Feb 20

Results of the Mozilla February 2025 CA Communication and Survey

All, Here are the responses to the Mozilla February 2025 CA Communication and Survey. The responses

unread,

Results of the Mozilla February 2025 CA Communication and Survey

All, Here are the responses to the Mozilla February 2025 CA Communication and Survey. The responses

Feb 20

Ben Wilson, … Jeremy Rowley7

Feb 19

MRSP 3.0: Survey Results and Status Update

All, I have renamed the previously-mentioned branch to Final Updates 3.0 (https://github.com/mozilla/

unread,

MRSP 3.0: Survey Results and Status Update

All, I have renamed the previously-mentioned branch to Final Updates 3.0 (https://github.com/mozilla/

Feb 19

Feb 18

Mass Revocation Incident Preparation and Testing Plan

Here is a non-normative template based on requests from CAs for guidance on the upcoming MRSP section

unread,

Mass Revocation Incident Preparation and Testing Plan

Here is a non-normative template based on requests from CAs for guidance on the upcoming MRSP section

Feb 18

Hanno Böck, … Pierre Barre17

Feb 16

Concerns about very-short-lived certificates

Subject: Professionalism and Constructive Discussion Matt, Your response crosses the line from

unread,

Concerns about very-short-lived certificates

Subject: Professionalism and Constructive Discussion Matt, Your response crosses the line from

Feb 16

Amir Omidi (aaomidi), … Entschew, Enrico4

Feb 12

d-trust data protection incident

Hi Hanno, I have inserted my answers further down in the text --> <-- and hope to contribute to

unread,

d-trust data protection incident

Hi Hanno, I have inserted my answers further down in the text --> <-- and hope to contribute to

Feb 12

Ben Wilson, … Tim Callan13

Feb 11

Proposal to Close Delayed Revocation Incidents

Here are the results of my triage: CA Bugzilla Status HARICA https://bugzilla.mozilla.org/show_bug.

unread,

Proposal to Close Delayed Revocation Incidents

Here are the results of my triage: CA Bugzilla Status HARICA https://bugzilla.mozilla.org/show_bug.

Feb 11

Jeremy Rowley, … Rob Stradling24

Feb 7

Sectigo acquires Entrust business

> The fact that Linux distributions and other software like Alpine and curl are "copying

unread,

Sectigo acquires Entrust business

> The fact that Linux distributions and other software like Alpine and curl are "copying

Feb 7

Feb 7

Root Program Guidance/Issue Classfication

On Fri, Feb 7, 2025 at 8:41 AM Mike Shaver <mike....@gmail.com> wrote https://groups.google.

unread,

Root Program Guidance/Issue Classfication

On Fri, Feb 7, 2025 at 8:41 AM Mike Shaver <mike....@gmail.com> wrote https://groups.google.

Feb 7

Dana Keeler, … Jeremy Rowley9

Feb 4

Certificate Transparency is now enforced in Firefox on desktop platforms starting with version 135

Personally, I don't think I fundamentally disagree with anything in that blog post. Much of the

unread,

Certificate Transparency is now enforced in Firefox on desktop platforms starting with version 135

Personally, I don't think I fundamentally disagree with anything in that blog post. Much of the

Feb 4

Ben Wilson, … Rob Stradling49

Feb 3

MRSP 3.0: Issue #276: Delayed Revocation

All, I have edited proposed section 6.1.3 of the MRSP to add/allow "annual plan testing through

unread,

MRSP 3.0: Issue #276: Delayed Revocation

All, I have edited proposed section 6.1.3 of the MRSP to add/allow "annual plan testing through

Feb 3

Jan 30

Legal transfer of ownership and MDSP

I've been looking at Section 8.1 of the Mozilla CA policy, and I think you could easily game the

unread,

Legal transfer of ownership and MDSP

I've been looking at Section 8.1 of the Mozilla CA policy, and I think you could easily game the

Jan 30

Jan 27

MRSP 3.0: Request for Feedback: Draft CA Communication and Survey

Greetings All, I am finalizing a mass email communication and survey to be sent to CA operators that

unread,

MRSP 3.0: Request for Feedback: Draft CA Communication and Survey

Greetings All, I am finalizing a mass email communication and survey to be sent to CA operators that

Jan 27

Jan 24

Fortinet incident

Hi, As many will likely have heard, there has been a leak of fortinet configuration files posted to

unread,

Fortinet incident

Hi, As many will likely have heard, there has been a leak of fortinet configuration files posted to

Jan 24

Jan 24

Certificate problem reporting undermined by Microsoft spam filters

Hi, I have recently reported a number of certificates with compromised private keys to CAs due to the

unread,

Certificate problem reporting undermined by Microsoft spam filters

Hi, I have recently reported a number of certificates with compromised private keys to CAs due to the

Jan 24

Jan 22

MRSP 3.0: Issue #s 270 and 271: Incident Reporting

All, I am proposing that we reduce the language in MRSP section 2.4 (Incidents) even more, and rely

unread,

MRSP 3.0: Issue #s 270 and 271: Incident Reporting

All, I am proposing that we reduce the language in MRSP section 2.4 (Incidents) even more, and rely

Jan 22

Ben Wilson, … Doug Beattie12

Jan 16

MRSP 3.0: Issue #279: TLS-specific and S/MIME-specific Root CAs

Hi Doug, I can make changes in section 7.5 to explicitly exempt OCSP Signing Certificates by adding

unread,

MRSP 3.0: Issue #279: TLS-specific and S/MIME-specific Root CAs

Hi Doug, I can make changes in section 7.5 to explicitly exempt OCSP Signing Certificates by adding

Jan 16

Jan 14

Approval of SECOM Request for Cybertrust Japan SureMail CA G5

All, Public discussion of the SECOM request regarding issuance of a CA certificate for the Cybertrust

unread,

Approval of SECOM Request for Cybertrust Japan SureMail CA G5

All, Public discussion of the SECOM request regarding issuance of a CA certificate for the Cybertrust

Jan 14

Mike Benza, … Jeffrey Walton4

Jan 10

GLOBALTRUST 2020's reinclusion in Mozilla's trusted certificates

On Friday, January 10, 2025 at 12:13:51 PM UTC-5 Andrew Ayer wrote: Hi Mike, GLOBALTRUST was never

unread,

GLOBALTRUST 2020's reinclusion in Mozilla's trusted certificates

On Friday, January 10, 2025 at 12:13:51 PM UTC-5 Andrew Ayer wrote: Hi Mike, GLOBALTRUST was never

Jan 10

Ben Wilson, … Rob Stradling8

Jan 9

MRSP 3.0: Issue #283: Automation of certificate issuance and renewal

Hi Adriano, If needed, we can clarify the language to communicate better our expectation that renewal

unread,

MRSP 3.0: Issue #283: Automation of certificate issuance and renewal

Hi Adriano, If needed, we can clarify the language to communicate better our expectation that renewal

Jan 9

12/18/24

Timing of Public Discussion of S/MIME External Sub CA

All, I intend to start public discussion of this matter using the CCADB Public list (https://groups.

unread,

Timing of Public Discussion of S/MIME External Sub CA

All, I intend to start public discussion of this matter using the CCADB Public list (https://groups.

12/18/24

Search

Clear search

Close search

Google apps

Main menu