[cabfpub] Proposal of a SHA-1 exception procedure
Dean_Coclin at symantec.com
Mon Jun 27 22:33:58 UTC 2016
Is it safe to say from your comments below that Mozilla is supportive of the
Google proposal as currently written?
From: Gervase Markham [mailto:gerv at mozilla.org]
Sent: Tuesday, June 21, 2016 8:39 AM
To: Ryan Sleevi <sleevi at google.com>; Dean Coclin <Dean_Coclin at symantec.com>
Cc: CABFPub <public at cabforum.org>
Subject: Re: [cabfpub] Proposal of a SHA-1 exception procedure
On 17/06/16 20:17, Ryan Sleevi wrote:
> For Google, the procedure we laid out is one that, so far, we think
> best represents the balance between the ecosystem participants. That
> includes the necessary disclosures and information so that we can
> gather information necessary to avoid such situations in the future,
> while having the necessary transparency for us effectively accepting,
> on behalf of the Internet trust ecosystem, the security risks.
> It's useful to know what Apple/Mozilla/Opera/Qihoo360 think, as well
> as any other root store program that may be presented with such audits.
Mozilla is generally supportive of the extent and depth of the questions
outlined in Google's draft procedure. We don't see a problem with different
root programs having different requirements as long as none of them are
actively conflicting; the CAB Forum's role in this situation would be to
produce the superset of all the requirements, so that applicants can provide
all the information required by the different programs in one go.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5723 bytes
Desc: not available
More information about the Public