这是indexloc提供的服务，不要输入任何密码

Groups

dev-security-policy@mozilla.org

1–30 of 326

Welcome to the dev-security-policy group in which we discuss security-related policies, governance, and related topics; including discussion of Mozilla’s Root Store Policy and the NSS root certificate store.

Mailing List: dev-security-policy@mozilla.org
Web: https://groups.google.com/a/mozilla.org/g/dev-security-policy
Subscribe by using the button "Ask to join group" and complete the box "Reason for joining". Membership requests must provide context for your interest in joining the group. Requests without this information will be rejected.
Participation Guidelines: https://www.mozilla.org/about/governance/policies/participation/
Participants: https://wiki.mozilla.org/CA/Policy_Participants
Unsubscribe by sending email to: dev-security-policy+unsubscribe@mozilla.org
Previous archives (2009-2021): https://groups.google.com/g/mozilla.dev.security.policy
RSS feed: https://www.mail-archive.com/dev-security-policy@mozilla.org/maillist.xml

0 selected

Jul 24

Preview of Let's Encrypt's upcoming Root Ceremony

Hi Sándor, Good question! The first interpretation is correct. The authorityKeyIdentifier extension

unread,

Preview of Let's Encrypt's upcoming Root Ceremony

Hi Sándor, Good question! The first interpretation is correct. The authorityKeyIdentifier extension

Jul 24

Jul 14

Fwd: [Smcwg-public] Deprecation of Legacy

Forwarding for additional visibility and notice to SMIME-issuing CAs. ---------- Forwarded message --

unread,

Fwd: [Smcwg-public] Deprecation of Legacy

Forwarding for additional visibility and notice to SMIME-issuing CAs. ---------- Forwarded message --

Jul 14

Hanno Böck, … John Schanck4

Jun 20

Limitations of aggreated CRL revocation checks

Right, Mozilla root store policy [1] requires CAs to disclose their CRLs in CCADB. Mozilla's

unread,

Limitations of aggreated CRL revocation checks

Right, Mozilla root store policy [1] requires CAs to disclose their CRLs in CCADB. Mozilla's

Jun 20

Ben Wilson, … Jeremy Rowley64

Jun 19

Results of 2025 Roundtable Discussion

Sounds good. The 50k number sounds about right based on those bugs too. Most CPS errors do not

unread,

Results of 2025 Roundtable Discussion

Sounds good. The 50k number sounds about right based on those bugs too. Most CPS errors do not

Jun 19

Dana Keeler, … Pierre Barre10

Jun 18

Certificate Transparency is now enforced in Firefox on desktop platforms starting with version 135

Hello, I am quite late to the party on this thread, but having recently implemented a CT log (https:/

unread,

Certificate Transparency is now enforced in Firefox on desktop platforms starting with version 135

Hello, I am quite late to the party on this thread, but having recently implemented a CT log (https:/

Jun 18

Jun 17

Approval of SwissSign's Root Inclusion Requests

All, The Mozilla root inclusion process is outlined here: https://wiki.mozilla.org/CA/

unread,

Approval of SwissSign's Root Inclusion Requests

All, The Mozilla root inclusion process is outlined here: https://wiki.mozilla.org/CA/

Jun 17

Amir Omidi, … Watson Ladd6

Jun 15

Email I've received regarding Digicert

Dear Digicert and other dev sec policy people, I think this email and the response raises a lot of

unread,

Email I've received regarding Digicert

Dear Digicert and other dev sec policy people, I think this email and the response raises a lot of

Jun 15

Matt Palmer, … Mike Shaver13

Jun 11

Mitigations needed for legal action imposing delayed revocation

On Tue, Jun 10, 2025 at 08:38:44AM -0400, Mike Shaver wrote: > (In the history of distrust events,

unread,

Mitigations needed for legal action imposing delayed revocation

On Tue, Jun 10, 2025 at 08:38:44AM -0400, Mike Shaver wrote: > (In the history of distrust events,

Jun 11

Ben Wilson, Arabella Barks3

Jun 7

Approval of TrustAsia's root inclusion request

Thanks for letting me know. I think it was a clip-and-paste error. Here are the correct links:

unread,

Approval of TrustAsia's root inclusion request

Thanks for letting me know. I think it was a clip-and-paste error. Here are the correct links:

Jun 7

Hanno Böck, … Suchan Seo4

May 19

Unusual / unparseable internediate certificate in CT log (cPanel)

https://github.com/golang/go/commit/51ff3a6965b3fc40aceebe90eaf15a8a1a00a452 looks like it fixed in

unread,

Unusual / unparseable internediate certificate in CT log (cPanel)

https://github.com/golang/go/commit/51ff3a6965b3fc40aceebe90eaf15a8a1a00a452 looks like it fixed in

May 19

Xiaohui Lam, … Matt Palmer16

May 16

Extended discuss of ACME DNS Labeled With ACME Account ID Challenge

Hi Matt, Thanks for your participation in the discussion. I think rare is just my personal habit of

unread,

Extended discuss of ACME DNS Labeled With ACME Account ID Challenge

Hi Matt, Thanks for your participation in the discussion. I think rare is just my personal habit of

May 16

Aaron Gable, Corey Bonnell2

May 15

New Bugzilla Report regarding issuance for Internationalized Domain Names

Hi Aaron, Thanks for raising this. Regarding the callout on P-labels in the bug: > By these

unread,

New Bugzilla Report regarding issuance for Internationalized Domain Names

Hi Aaron, Thanks for raising this. Regarding the callout on P-labels in the bug: > By these

May 15

May 13

Draft Agenda for Roundtable Discussion

Here is a draft agenda: Mozilla Root Program Roundtable – Draft Agenda (90 minutes) Welcome and

unread,

Draft Agenda for Roundtable Discussion

Here is a draft agenda: Mozilla Root Program Roundtable – Draft Agenda (90 minutes) Welcome and

May 13

Ben Wilson, … Mike Shaver10

May 13

Mozilla CA Program Roundtable Discussion

All, Listed below are some of the survey results and the top-scoring topics for Friday's

unread,

Mozilla CA Program Roundtable Discussion

All, Listed below are some of the survey results and the top-scoring topics for Friday's

May 13

Rich Salz, Peter Bowen3

May 7

So it looks like I'm not really missing anything. As Peter Bowen pointed out, VikingCloud owns a

unread,

So it looks like I'm not really missing anything. As Peter Bowen pointed out, VikingCloud owns a

May 7

Apr 30

Updated Mass Revocation wiki page

All, I have updated the Mass Revocation Events (MRE) wiki page with a new section that outlines

unread,

Updated Mass Revocation wiki page

All, I have updated the Mass Revocation Events (MRE) wiki page with a new section that outlines

Apr 30

Ben Wilson, … Doug Beattie5

Apr 29

Websites Trust Bit Removal in 2026

Hi Doug, You're right. My mistake. They would be April 15, 2028. Thanks, Ben On Mon, Apr 28, 2025

unread,

Websites Trust Bit Removal in 2026

Hi Doug, You're right. My mistake. They would be April 15, 2028. Thanks, Ben On Mon, Apr 28, 2025

Apr 29

Ben Wilson, … Arabella Barks23

Apr 18

Postponement of Removal of Websites Trust Bit for ePKI Root CA

Greetings, I tested it in Firefox, and the website provided me with a certificate issued by

unread,

Postponement of Removal of Websites Trust Bit for ePKI Root CA

Greetings, I tested it in Firefox, and the website provided me with a certificate issued by

Apr 18

Ben Wilson, … 大野文彰4

Apr 1

MRSP 3.0: Published

Hello Ben-san, Thank you for your quick and courteous reply. We will prepare a report on how to post

unread,

MRSP 3.0: Published

Hello Ben-san, Thank you for your quick and courteous reply. We will prepare a report on how to post

Apr 1

Arabella Barks, … Aaron Gable14

Mar 26

Discussions on mechanism to enhance the Use of Digital Certificate Private Keys Similar to PwnedKeys

Possession of a CSR is not proof of compromise. For a quick demonstration, here are 45k CSRs which I

unread,

Discussions on mechanism to enhance the Use of Digital Certificate Private Keys Similar to PwnedKeys

Possession of a CSR is not proof of compromise. For a quick demonstration, here are 45k CSRs which I

Mar 26

Mar 13

Mozilla Security Blog Post on MRSP v. 3.0

All, Here is a recent blog post with MRSP v.3.0 as the main subject. https://blog.mozilla.org/

unread,

Mozilla Security Blog Post on MRSP v. 3.0

All, Here is a recent blog post with MRSP v.3.0 as the main subject. https://blog.mozilla.org/

Mar 13

Mar 12

Mass Revocation Planning Guidance

All, To assist CA operators in complying with MRSP section 6.1.3, I have started a wiki page to

unread,

Mass Revocation Planning Guidance

All, To assist CA operators in complying with MRSP section 6.1.3, I have started a wiki page to

Mar 12

Feb 21

Results of the Mozilla February 2025 CA Communication and Survey

All, Here are the responses to the Mozilla February 2025 CA Communication and Survey. The responses

unread,

Results of the Mozilla February 2025 CA Communication and Survey

All, Here are the responses to the Mozilla February 2025 CA Communication and Survey. The responses

Feb 21

Ben Wilson, … Jeremy Rowley7

Feb 20

MRSP 3.0: Survey Results and Status Update

All, I have renamed the previously-mentioned branch to Final Updates 3.0 (https://github.com/mozilla/

unread,

MRSP 3.0: Survey Results and Status Update

All, I have renamed the previously-mentioned branch to Final Updates 3.0 (https://github.com/mozilla/

Feb 20

Feb 19

Mass Revocation Incident Preparation and Testing Plan

Here is a non-normative template based on requests from CAs for guidance on the upcoming MRSP section

unread,

Mass Revocation Incident Preparation and Testing Plan

Here is a non-normative template based on requests from CAs for guidance on the upcoming MRSP section

Feb 19

Hanno Böck, … Pierre Barre17

Feb 17

Concerns about very-short-lived certificates

Subject: Professionalism and Constructive Discussion Matt, Your response crosses the line from

unread,

Concerns about very-short-lived certificates

Subject: Professionalism and Constructive Discussion Matt, Your response crosses the line from

Feb 17

Amir Omidi (aaomidi), … Entschew, Enrico4

Feb 12

d-trust data protection incident

Hi Hanno, I have inserted my answers further down in the text --> <-- and hope to contribute to

unread,

d-trust data protection incident

Hi Hanno, I have inserted my answers further down in the text --> <-- and hope to contribute to

Feb 12

Ben Wilson, … Tim Callan13

Feb 12

Proposal to Close Delayed Revocation Incidents

Here are the results of my triage: CA Bugzilla Status HARICA https://bugzilla.mozilla.org/show_bug.

unread,

Proposal to Close Delayed Revocation Incidents

Here are the results of my triage: CA Bugzilla Status HARICA https://bugzilla.mozilla.org/show_bug.

Feb 12

Jeremy Rowley, … Rob Stradling24

Feb 8

Sectigo acquires Entrust business

> The fact that Linux distributions and other software like Alpine and curl are "copying

unread,

Sectigo acquires Entrust business

> The fact that Linux distributions and other software like Alpine and curl are "copying

Feb 8

Feb 8

Root Program Guidance/Issue Classfication

On Fri, Feb 7, 2025 at 8:41 AM Mike Shaver <mike....@gmail.com> wrote https://groups.google.

unread,

Root Program Guidance/Issue Classfication

On Fri, Feb 7, 2025 at 8:41 AM Mike Shaver <mike....@gmail.com> wrote https://groups.google.

Feb 8

Search

Clear search

Close search

Google apps

Main menu