[cabfpub] SHA-1 exception request

Dean Coclin Dean_Coclin at symantec.com
Sun Oct 16 18:54:29 UTC 2016


Gerv,

Following up on my previous email and In addition the points posted there, I 
was reminded that the First Data TBS certs were issued with the expiration 
date in March as originally requested. Hence by Mozilla approving a different 
date,  we would be producing certificates that do not match the TBS certs.

I don't believe this is Mozilla's intention and I ask that you give fair 
consideration to the points posted here: 
https://cabforum.org/pipermail/public/2016-October/008559.html and here:
https://cabforum.org/pipermail/public/2016-October/008560.html.

Thanks,
Dean

-----Original Message-----
From: Gervase Markham [mailto:gerv at mozilla.org]
Sent: Thursday, October 13, 2016 3:38 PM
To: Dean Coclin <Dean_Coclin at symantec.com>; CABFPub <public at cabforum.org>
Cc: Halliday, Morgan <Morgan.Halliday at firstdata.com>; Sidoriak, Evan S 
<Evan.Sidoriak at firstdata.com>
Subject: Re: [cabfpub] SHA-1 exception request

On 29/09/16 19:52, Dean Coclin wrote:
> In accordance with the SHA-1 Exception Request procedure, we hereby
> submit the attached request on behalf of our client.

After consideration, Mozilla grants an exception for the issuance of
SHA-1 certificates, with the condition that they expire not after December 
31st 2016, in line with the policy Google drafted.

We accept there is a case to be made that duration does not directly affect 
risk of issuance, but it affects risk of ongoing use, and it affects the issue 
of moral hazard and fairness to other companies.

Mozilla's public purpose is to make the Internet a better place for everyone, 
and that includes citizens whose credit card data passes across it. We are 
saddened that various payment card industry standards do not seem to put as 
high a value on the security of users' data as the Internet community does.

Thanks to First Data for their honest answers to the questions put.

Gerv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5723 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20161016/0a406075/attachment-0001.p7s>


More information about the Public mailing list