W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2015

Re: Fate of Secure Origins in Question?

From: Eric Mill <eric@konklone.com>
Date: Mon, 6 Apr 2015 14:56:40 -0400
Message-ID: <CANBOYLV2PPsTyc7orGTx_wxpDj4O5d62Uxn+RvLZLE0czidRtw@mail.gmail.com>
To: Daniel Veditz <dveditz@mozilla.com>
Cc: Brad Hill <hillbrad@gmail.com>, noloader@gmail.com, "public-webappsec@w3.org" <public-webappsec@w3.org>
I hate to extend the off-topic thread more, but so it's clear, this is a
10-year old announcement:

As Peter Bowen pointed out in another thread, intermediate CAs (like Google
G2) have since become subject to auditing requirements they were not in

On Mon, Apr 6, 2015 at 1:05 PM, Daniel Veditz <dveditz@mozilla.com> wrote:

> I echo Brad's suggestion to take this concern to Mozilla's security policy
> group. Issuing unconstrained and un-audited sub-CA certs would violate
> Mozilla's certificate policy (see section 8 of
> https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/).
> The press release doesn't actually say such certs would be unconstrained
> and GeoTrust should be well aware of these requirements, but it doesn't
> hurt to follow-up and make sure.
> -Dan Veditz

konklone.com | @konklone <https://twitter.com/konklone>
Received on Monday, 6 April 2015 18:57:48 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:48 UTC