Re: 398 Cert Life span 1Sep2020

2020-07-07 Thread Mark Goodwin via dev-security-policy
Hi,

I can't answer for any of the vendors but I've read around this a bit;
perhaps the following will be of some use:

The Apple announcement states that the change affects "only TLS server
certificates issued from the Root CAs preinstalled with iOS" - therefore, I
think it's safe to assume locally added roots (from Internal CAs) will be
unaffected.

The Chromium change also appears to only apply to certs from known roots (
https://source.chromium.org/chromium/chromium/src/+/master:net/cert/cert_verify_proc.cc;l=682?q=HasTooLongValidity&ss=chromium
) so Chrome, Edge and other Chromium-based browsers look to be the same
story.

Kind regards,

Mark



On Mon, 6 Jul 2020 at 15:07, marc.rnlds--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

> Hi All,
>
> How will internal CAs be affected?
>
>
> If I issue or have issued 2-year certificates, how will the browsers
> treat these certificates?
>
>
> Just after guidance...
>
> M
> ___
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
>


Re: Firefox is printing SHA1 warning several times - but which servers use SHA-1?

2016-02-04 Thread Mark Goodwin
Where are you viewing these? If you use the web console in the developer
tools, the server is displayed alongside the warning.

On Thu, Feb 4, 2016 at 9:13 AM, Denny Bartelt <
d.bart...@netzathleten-media.de> wrote:

> When including ads on a website Firefox is printing a SHA-1 warning
> several times:
>
> (30) "This site makes use of a SHA-1 Certificate; it's recommended you use
> certificates with signature algorithms that use hash functions stronger
> than SHA-1."
>
> Is there a way to print which servers are using SHA-1 Certificates without
> rechecking each of them manually? Is there a verbose mode for that message
> which prints the server name?
>
> thanks, denny