[cabfpub] Proposal of a SHA-1 exception procedure

Dean Coclin Dean_Coclin at symantec.com
Mon Jun 27 22:33:58 UTC 2016


Is it safe to say from your comments below that Mozilla is supportive of the 
Google proposal as currently written?


-----Original Message-----
From: Gervase Markham [mailto:gerv at mozilla.org]
Sent: Tuesday, June 21, 2016 8:39 AM
To: Ryan Sleevi <sleevi at google.com>; Dean Coclin <Dean_Coclin at symantec.com>
Cc: CABFPub <public at cabforum.org>
Subject: Re: [cabfpub] Proposal of a SHA-1 exception procedure

On 17/06/16 20:17, Ryan Sleevi wrote:
> For Google, the procedure we laid out is one that, so far, we think
> best represents the balance between the ecosystem participants. That
> includes the necessary disclosures and information so that we can
> gather information necessary to avoid such situations in the future,
> while having the necessary transparency for us effectively accepting,
> on behalf of the Internet trust ecosystem, the security risks.
> It's useful to know what Apple/Mozilla/Opera/Qihoo360 think, as well
> as any other root store program that may be presented with such audits.

Mozilla is generally supportive of the extent and depth of the questions 
outlined in Google's draft procedure. We don't see a problem with different 
root programs having different requirements as long as none of them are 
actively conflicting; the CAB Forum's role in this situation would be to 
produce the superset of all the requirements, so that applicants can provide 
all the information required by the different programs in one go.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5723 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160627/5bd4104e/attachment-0001.p7s>

More information about the Public mailing list