The certificate [1] seems also to be 'back-dated' by about 18 hours. What is Mozillas opinion about this in the light of https://wiki.mozilla.org/CA/Forbidden_or_Problematic_Practices#Backdating_the_notBefore_Date ? > It appears AlwaysOnSSL is not completely disabled - if we trust CT as a > timestamping service, [1] was issued after Hanno's email. [...] > [1] https://crt.sh/?id=1097197338 [...] > On Wed, Jan 9, 2019 at 8:59 AM Hanno Böck via dev-security-policy > <dev-security-policy@lists.mozilla.org> wrote: > > > > Hi, > > > > AlwaysOnSSL was a free certificate authority operated by CertCenter. > > I recently noticed that their main webpage was gone, but pieces of the > > service were still online. > > I immediately found a few web security issues. I reported those to > > certcenter and digicert (which is the root CA their intermediate > > chains to). [...] > > In response to this the service was completely disabled. [...] _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
AW: AlwaysOnSSL web security issues
Buschart, Rufus via dev-security-policy Thu, 10 Jan 2019 01:43:34 -0800
- AlwaysOnSSL web security issues Hanno Böck via dev-security-policy
- Re: AlwaysOnSSL web security ... Alex Cohn via dev-security-policy
- AW: AlwaysOnSSL web secur... Buschart, Rufus via dev-security-policy
- Re: AlwaysOnSSL web s... Alex Gaynor via dev-security-policy
- RE: AlwaysOnSSL w... Jeremy Rowley via dev-security-policy
- Re: AlwaysOn... Jakob Bohm via dev-security-policy
- Re: AlwaysOn... Wayne Thayer via dev-security-policy
- RE: Alwa... Jeremy Rowley via dev-security-policy
- RE: ... Tim Hollebeek via dev-security-policy
