Re: Recent Entrust Compliance Incidents

2024-05-15 Thread 'Amir Omidi (aaomidi)' via dev-security-policy@mozilla.org
n Saturday, May 11, 2024 at 8:04:24 PM UTC+1 Chris Bailey wrote: > >> To Ben Wilson and the Mozilla Community: >> >> >> >> I want to acknowledge your letter and the input from you and the >> community. We agree that we have go-forward opportunities to improv

Re: Recent Entrust Compliance Incidents

2024-05-11 Thread Wayne
tes > > Entrust > > > > *From: *'Ben Wilson' via dev-secur...@mozilla.org < > dev-secur...@mozilla.org> > *Date: *Tuesday, May 7, 2024 at 10:59 AM > *To: *dev-secur...@mozilla.org > *Subject: *[EXTERNAL] Recent Entrust Compliance Incidents > > Dear M

Re: [EXTERNAL] Recent Entrust Compliance Incidents

2024-05-11 Thread 'Chris Bailey' via dev-security-policy@mozilla.org
. Until then, please contact me directly with additional questions or feedback. Sincerely, Chris Bailey VP-Digital Certificates Entrust From: 'Ben Wilson' via dev-security-policy@mozilla.org Date: Tuesday, May 7, 2024 at 10:59 AM To: dev-secur...@mozilla.org Subject: [EXTERNAL] Recent Entrust

Re: Recent Entrust Compliance Incidents

2024-05-10 Thread 'Ben Wilson' via dev-security-policy@mozilla.org
Added " Although not expressed in the bug, it appears that certificate revocation was delayed as well." On Fri, May 10, 2024 at 10:54 AM George wrote: > Although it was not mentioned in the original bug, it may be worth adding > that the certificates in bug 1867130 >

Re: Recent Entrust Compliance Incidents

2024-05-10 Thread 'George' via dev-security-policy@mozilla.org
Although it was not mentioned in the original bug, it may be worth adding that the certificates in [bug 1867130](https://bugzilla.mozilla.org/show_bug.cgi?id=1867130) were also not revoked within 5 days of discovery. Entrust might've based the start of the 5 day deadline at the time the

Re: Recent Entrust Compliance Incidents

2024-05-10 Thread 'Ben Wilson' via dev-security-policy@mozilla.org
Here are draft summaries of the additional historic incidents. I'll be adding these to the Entrust Issues page: https://wiki.mozilla.org/CA/Entrust_Issues *Invalid data in State/Province Field -* https://bugzilla.mozilla.org/show_bug.cgi?id=1658792 It was initially discovered that Entrust had

Re: Recent Entrust Compliance Incidents

2024-05-09 Thread Watson Ladd
Could we add a section for geographical incidents? This is slightly outside your time window, but I think reading the series here has some uncanny echos in the ones in your window. https://bugzilla.mozilla.org/show_bug.cgi?id=1658792 https://bugzilla.mozilla.org/show_bug.cgi?id=1658794

Recent Entrust Compliance Incidents

2024-05-07 Thread 'Ben Wilson' via dev-security-policy@mozilla.org
Dear Mozilla Community, Over the past couple of months, a substantial number of compliance incidents have arisen in relation to Entrust. We have summarized these recent incidents in a dedicated wiki page: https://wiki.mozilla.org/CA/Entrust_Issues. In brief, these incidents arose out of