On 05.12.2018 21:26, Ryan Sleevi wrote:
On Wed, Dec 5, 2018 at 7:53 AM Wojciech Trapczyński
wrote:
Ryan, thank you for your comment. The answers to your questions below:
Again, thank you for filing a good post-mortem.
I want to call out a number of positive things here rather explicitly, so
On Wed, Dec 5, 2018 at 7:53 AM Wojciech Trapczyński
wrote:
> Ryan, thank you for your comment. The answers to your questions below:
>
Again, thank you for filing a good post-mortem.
I want to call out a number of positive things here rather explicitly, so
that it hopefully can serve as a
On Tue, Dec 4, 2018 at 2:08 PM Kurt Roeckx wrote:
> He explained before that the module that generated the corrupt
> signature for the CRL was in a weird state after that and all
> the newly issued certificates signed by that module also had
> corrupt signatures.
>
Ah! Thanks, I misparsed that.
On Tue, Dec 04, 2018 at 01:14:44PM -0500, Ryan Sleevi via dev-security-policy
wrote:
>
> > All issued certificates were unusable due to corrupted signature.
> >
>
> Could you speak to more about how you assessed this? An incorrect signature
> on the CRL would not necessarily prevent the
>
> Thanks for filing this, Wojciech. This is definitely one of the better
incident reports in terms of providing details and structure, while also
speaking to the steps the CA has taken in response. There was sufficient
detail here that I don't have a lot of questions - if anything, it sounds
On 04.12.2018 15:16, Kurt Roeckx via dev-security-policy wrote:
I think you misunderstood my question. I think you should never serve an
invalid file. I think it's better to have a file that is 1 or 2 days old
than it is to have an invalid file. So you could check that it's a valid
file before
On 2018-12-04 10:25, Wojciech Trapczyński wrote:
On 04.12.2018 10:01, Kurt Roeckx via dev-security-policy wrote:
On 2018-12-04 7:24, Wojciech Trapczyński wrote:
Question 1: Was there a period during which this issuing CA had no
validly signed non-expired CRL due to this incident?
Between
On 04.12.2018 10:01, Kurt Roeckx via dev-security-policy wrote:
On 2018-12-04 7:24, Wojciech Trapczyński wrote:
Question 1: Was there a period during which this issuing CA had no
validly signed non-expired CRL due to this incident?
Between 10.11.2018 01:05 (UTC±00:00) and 14.11.2018 07:35
On 2018-12-04 7:24, Wojciech Trapczyński wrote:
Question 1: Was there a period during which this issuing CA had no
validly signed non-expired CRL due to this incident?
Between 10.11.2018 01:05 (UTC±00:00) and 14.11.2018 07:35 (UTC±00:00) we
were serving one CRL with corrupted signature.
Thank you. The answers to your questions below.
On 04.12.2018 00:47, Jakob Bohm via dev-security-policy wrote:
On 03/12/2018 12:06, Wojciech Trapczyński wrote:
Please find our incident report below.
This post links to https://bugzilla.mozilla.org/show_bug.cgi?id=1511459.
---
1. How your CA
On 03/12/2018 12:06, Wojciech Trapczyński wrote:
> Please find our incident report below.
>
> This post links to https://bugzilla.mozilla.org/show_bug.cgi?id=1511459.
>
> ---
>
> 1. How your CA first became aware of the problem (e.g. via a problem
> report submitted to your Problem Reporting
Please find our incident report below.
This post links to https://bugzilla.mozilla.org/show_bug.cgi?id=1511459.
---
1. How your CA first became aware of the problem (e.g. via a problem
report submitted to your Problem Reporting Mechanism, a discussion in
mozilla.dev.security.policy, a