Groups
Conversations
All groups and messages
Send feedback to Google
Help
Sign in
Groups
mozilla.dev.security.policy
Conversations
About
Sort By Relevance
Sort By Date
1–17 of 17
Ben Wilson
, …
Wanko Clemens
48
3/30/21
Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report
All, Here, for your review and comment, is the final version of the wiki page guidance on providing auditor qualifications. I appreciate the input we
unread,
Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report
All, Here, for your review and comment, is the final version of the wiki page guidance on providing auditor qualifications. I appreciate the input we
3/30/21
Ben Wilson
, …
Ryan Sleevi
21
3/19/21
Policy 2.7.1: MRSP Issue #206: Limit re-use of domain name verification to 398 days
security-
policy
< > dev-security-
policy
@lists.mozilla.org> wrote: > >> Thanks Ben. >> >> >> >> What's the purpose of this statement
unread,
Policy 2.7.1: MRSP Issue #206: Limit re-use of domain name verification to 398 days
security-
policy
< > dev-security-
policy
@lists.mozilla.org> wrote: > >> Thanks Ben. >> >> >> >> What's the purpose of this statement
3/19/21
Ben Wilson
, …
Bruce
16
3/11/21
Policy 2.7.1: MRSP Issue #153: Cradle-to-Grave Contiguous Audits
security-
policy
< > dev-security-
policy
@lists.mozilla.org> wrote: > >> On Saturday, March 6, 2021 at 11:17:53 PM UTC-5, bwi...@mozilla.com >> wrote
unread,
Policy 2.7.1: MRSP Issue #153: Cradle-to-Grave Contiguous Audits
security-
policy
< > dev-security-
policy
@lists.mozilla.org> wrote: > >> On Saturday, March 6, 2021 at 11:17:53 PM UTC-5, bwi...@mozilla.com >> wrote
3/11/21
Ben Wilson
, …
Aaron Gable
8
3/8/21
Policy 2.7.1: MRSP Issue #218: Clarify CRL requirements for End Entity Certificates
Root Store
Policy
, I'm proposing the > following sentence for section 6.1 - "A CA MUST ensure that it populates > the CCADB with the appropriate 'full CRL'
unread,
Policy 2.7.1: MRSP Issue #218: Clarify CRL requirements for End Entity Certificates
Root Store
Policy
, I'm proposing the > following sentence for section 6.1 - "A CA MUST ensure that it populates > the CCADB with the appropriate 'full CRL'
3/8/21
Ben Wilson
, …
Jeff Ward
13
3/8/21
Policy 2.7.1: MRSP Issue #187: Require disclosure of incidents in Audit Reports
security-
policy
< dev-security-
policy
@lists.mozilla.org> wrote: > On Friday, February 12, 2021 at 10:27:11 AM UTC-6, Ben Wilson wrote: > > I'm fine with that
unread,
Policy 2.7.1: MRSP Issue #187: Require disclosure of incidents in Audit Reports
security-
policy
< dev-security-
policy
@lists.mozilla.org> wrote: > On Friday, February 12, 2021 at 10:27:11 AM UTC-6, Ben Wilson wrote: > > I'm fine with that
3/8/21
Ben Wilson
,
Jeff Ward
5
2/15/21
Policy 2.7.1: MRSP Issue #207: Require audit statements to provide information about which CA Locations were audited
security-
policy
< > dev-security-
policy
@lists.mozilla.org> wrote: > >> On Sunday, January 3, 2021 at 8:38:05 AM UTC-6, Jeff Ward wrote: >> > On Tuesday
unread,
Policy 2.7.1: MRSP Issue #207: Require audit statements to provide information about which CA Locations were audited
security-
policy
< > dev-security-
policy
@lists.mozilla.org> wrote: > >> On Sunday, January 3, 2021 at 8:38:05 AM UTC-6, Jeff Ward wrote: >> > On Tuesday
2/15/21
Ben Wilson
2/11/21
Policy 2.7.1: MRSP Issue #221: Wrong hyperlink for "Material Change" in MRSP Section 8
v.
2.7
.
1
a minor change that corrects a hyperlink issue in MRSP section 8. The link to "material change" here redirects to "alteration of instruments" - https
unread,
Policy 2.7.1: MRSP Issue #221: Wrong hyperlink for "Material Change" in MRSP Section 8
v.
2.7
.
1
a minor change that corrects a hyperlink issue in MRSP section 8. The link to "material change" here redirects to "alteration of instruments" - https
2/11/21
Ben Wilson
, …
Jakob Bohm
12
2/10/21
Policy 2.7.1: MRSP Issue #186: Requirement to Disclose Self-signed Certificates
security-
policy
< >> dev-security-
policy
@lists.mozilla.org> wrote: >> >>> >>> How would that phrasing cover doppelgangers of intermediary
unread,
Policy 2.7.1: MRSP Issue #186: Requirement to Disclose Self-signed Certificates
security-
policy
< >> dev-security-
policy
@lists.mozilla.org> wrote: >> >>> >>> How would that phrasing cover doppelgangers of intermediary
2/10/21
Ben Wilson
, …
Kathleen Wilson
17
1/24/21
Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints
to explain
policy
constraints for EV audit exceptions in the MRSP. On Fri, Nov 6, 2020 at 4:43 PM Kathleen Wilson via dev-security-
policy
< dev-security-
policy
@lists.mozilla
unread,
Policy 2.7.1: MRSP Issue #152: Add EV Audit exception for Policy Constraints
to explain
policy
constraints for EV audit exceptions in the MRSP. On Fri, Nov 6, 2020 at 4:43 PM Kathleen Wilson via dev-security-
policy
< dev-security-
policy
@lists.mozilla
1/24/21
Ben Wilson
1/21/21
Policy 2.7.1: MRSP Issue #139: Audits required even if not issuing
Root Store
Policy
(v.
2.7
.
1
). > > #139 - Audits are > required even if no longer issuing - Clarify that audits are required until > the CA certificate is revoked, expired
unread,
Policy 2.7.1: MRSP Issue #139: Audits required even if not issuing
Root Store
Policy
(v.
2.7
.
1
). > > #139 - Audits are > required even if no longer issuing - Clarify that audits are required until > the CA certificate is revoked, expired
1/21/21
Ben Wilson
1/21/21
Policy 2.7.1: MRSP Issue #147 - Require EV audits for certificates capable of issuing EV certificates
security-
policy
wrote: > >> I see that this is related to >> https://github.com/mozilla/pkipolicy/issues/152, so I guess Mozilla >> Firefox does not enable
unread,
Policy 2.7.1: MRSP Issue #147 - Require EV audits for certificates capable of issuing EV certificates
security-
policy
wrote: > >> I see that this is related to >> https://github.com/mozilla/pkipolicy/issues/152, so I guess Mozilla >> Firefox does not enable
1/21/21
Ben Wilson
, …
Wayne Thayer
3
12/21/20
Policy 2.7.1: MRSP Issue #211: Align OCSP requirements in Mozilla's policy with the BRs
security-
policy
< dev-security-
policy
@lists.mozilla.org> wrote: > One potential option (5) would be to go even further than (2), and remove > the OCSP paragraph from
unread,
Policy 2.7.1: MRSP Issue #211: Align OCSP requirements in Mozilla's policy with the BRs
security-
policy
< dev-security-
policy
@lists.mozilla.org> wrote: > One potential option (5) would be to go even further than (2), and remove > the OCSP paragraph from
12/21/20
Ben Wilson
, …
Matt Palmer
27
11/16/20
Policy 2.7.1:MRSP Issue #205: Require CAs to publish accepted methods for proving key compromise
security-
policy
> wrote: > > I doubt it. So far, every CA that's decided to come up with their own > > method of proving key compromise has produced something entirely
unread,
Policy 2.7.1:MRSP Issue #205: Require CAs to publish accepted methods for proving key compromise
security-
policy
> wrote: > > I doubt it. So far, every CA that's decided to come up with their own > > method of proving key compromise has produced something entirely
11/16/20
Ben Wilson
2
11/11/20
Policy 2.7.1: Process Overview
exception for
Policy
Constraints – leaf certificates do not receive EV treatment unless signed by an intermediate CA with EV OID or anyPolicy OID, therefore they can be excluded from
unread,
Policy 2.7.1: Process Overview
exception for
Policy
Constraints – leaf certificates do not receive EV treatment unless signed by an intermediate CA with EV OID or anyPolicy OID, therefore they can be excluded from
11/11/20
Ben Wilson
10/28/20
Policy 2.7.1: MRSP Issue #173: Strengthen requirement for newly included roots to meet all current requirements
Root Store
Policy
and Baseline Requirements." If an older root were to be submitted for inclusion that does not meet current requirements, there might be an argument that the
unread,
Policy 2.7.1: MRSP Issue #173: Strengthen requirement for newly included roots to meet all current requirements
Root Store
Policy
and Baseline Requirements." If an older root were to be submitted for inclusion that does not meet current requirements, there might be an argument that the
10/28/20
Ben Wilson
10/22/20
Policy 2.7.1: MRSP Issue #154: Require Management Assertions to list Non-compliance
Root Store
Policy
. Issue #154 in GitHub proposes to require that management assertions (CA disclosures to auditors) provide written mention of all incidents occurring (or open)
unread,
Policy 2.7.1: MRSP Issue #154: Require Management Assertions to list Non-compliance
Root Store
Policy
. Issue #154 in GitHub proposes to require that management assertions (CA disclosures to auditors) provide written mention of all incidents occurring (or open)
10/22/20
Ben Wilson
, …
Doug Beattie
5
10/6/20
Policy 2.7.1 Issues to be Considered
to the
2.7
.
1
batch of proposed changes. I've started discussion of Issue 147, so we can discuss it there, or I can create a separate email thread for it. On Fri, Oct 2, 2020 at 5:16 AM
unread,
Policy 2.7.1 Issues to be Considered
to the
2.7
.
1
batch of proposed changes. I've started discussion of Issue 147, so we can discuss it there, or I can create a separate email thread for it. On Fri, Oct 2, 2020 at 5:16 AM
10/6/20