Kirk Hall via dev-security-policy
writes:
>does GSB use any EV certificate identity data in its phishing algorithms.
Another way to think about this this is to look at it from the criminals'
perspective: What's the value to criminals? To use a silly example, the value
to criminals of an
Obviously I think good is the best answer based on my previous posts. A precert
is still a cert. But I can see how people could disagree with me.
From: dev-security-policy on
behalf of Jeremy Rowley via dev-security-policy
Sent: Saturday, August 31, 2019
I dont recall the cab forum ever contemplating or discussing ocsp for
precertificates. The requirement to provide responses is pretty clear, but what
that response should be is a little confusing imo.
From: dev-security-policy on
behalf of Tomas Gustavsson via
On Saturday, August 31, 2019 at 3:13:00 PM UTC+2, Jeremy Rowley wrote:
> >From RFC6962:
>
> “As above, the Precertificate submission MUST be accompanied by the
> Precertificate Signing Certificate, if used, and all additional certificates
> required to verify the chain up to an accepted root
You’re right. It could be any of the responses under RFC 6960.
From: Alex Cohn
Sent: Friday, August 30, 2019 7:22 PM
To: Jeremy Rowley
Cc: Jacob Hoffman-Andrews ;
mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: 2019.08.28 Let’s Encrypt OCSP Responder Returned “Unauthorized”
for
The best way to codify it is at the CAB forum since the CAB Forum language is
the one that causes the problem (imo). We made a mistake by defining a
precertificate as “not a certificate” when the intent was mostly to allow CAs
to issue precertificates that had serial numbers duplicative with
>From RFC6962:
“As above, the Precertificate submission MUST be accompanied by the
Precertificate Signing Certificate, if used, and all additional certificates
required to verify the chain up to an accepted root certificate. The signature
on the TBSCertificate indicates the certificate
Hi,
I find and hear a few non conclusive, sometimes contradictory, messages about
OCSP responder handling of pre-certificates without final certificates. Reading
this thread I don't find a firm conclusion either (albeit I may have missed it).
I'm not saying anything others have not said before,
8 matches
Mail list logo