On 10/14/2016 01:00 PM, Gervase Markham wrote:
K) StartCom impersonating mozilla.com.
https://bugzilla.mozilla.org/show_bug.cgi?id=471702 StartCom's
(former) CEO Eddy Nigg obtained a key and certificate for
www.mozilla.com and placed it on an Internet-facing server.
I do consider
/show_bug.cgi?id=471702
StartCom's (former) CEO Eddy Nigg obtained a key and certificate for
www.mozilla.com and placed it on an Internet-facing server.
You make this appear as if StartCom used its capacity as a certificate
authority to somehow abuse somebody or something, but for the wider
audience
rds
Signer: Eddy Nigg, Founder
StartCom Ltd. <http://www.startcom.org>
XMPP: start...@startcom.org <xmpp:start...@startcom.org>
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
alternative to current mix of the established
certificate authorities - except if somebody is looking for revenge or
other personal matters
--
Regards
Signer: Eddy Nigg, Founder
StartCom Ltd. <http://www.startcom.org>
XMPP: start...@startcom.org <xmpp:start...@sta
nd/or easy to be
confirmed.
I assume that Inigo will report to the mailing list sometimes directly
too in order to update on the progress.
--
Regards
Signer: Eddy Nigg, Founder
StartCom Ltd. <http://www.startcom.org>
XMPP: start...@startcom.org <xmpp:st
that
all is included, covered and implied, but should a mistake have happened
in the statements made by the auditors I'm sure we can get a corrected
statement or explanation.
--
Regards
Signer: Eddy Nigg, Founder
StartCom Ltd. <http://www.startcom.org>
XMPP: start...@startc
On 09/05/2016 10:54 AM, Gervase Markham wrote:
Hi Eddy,
On 04/09/16 09:51, Eddy Nigg wrote:
I don't want to extend this discussion unnecessarily, but as a side note
you don't know which agreements this employee has signed with StartCom
and/or WoSign and hence you can't make a judgement
re you talking about?? Even though some nasty and
undesired errors happened here, its in no comparison to what happened at
Diginotar which basically lost control over the CA.
--
Regards
Signer: Eddy Nigg, Founder
StartCom Ltd. <http://www.startcom.org>
XMPP: start...@
On 09/02/2016 07:02 PM, Nick Lamb wrote:
On Friday, 2 September 2016 08:50:02 UTC+1, Eddy Nigg wrote:
Lets speak about relying parties - how does this bug affect you?
As a relying party I am entitled to assume that there is no more than one
certificate signed by a particular issuer
in any case.
--
Regards
Signer: Eddy Nigg, Founder
StartCom Ltd. <http://www.startcom.org>
XMPP: start...@startcom.org <xmpp:start...@startcom.org>
___
dev-security-policy mailing list
dev-security-policy@lists.mozil
number assignment bug.
The way Eddy Nigg describes the issue, it appears there is some kind of
low level race condition in the code or hardware that increments and
uses the serial number counter deep inside the CA, perhaps in a heavily
locked down HSM that prevents fixing the issue without
On 09/01/2016 11:52 AM, Nick Lamb wrote:
On Thursday, 1 September 2016 08:54:16 UTC+1, Eddy Nigg wrote:
Not so, rather according to my assessment, the cost and everything it
entailed (including other risks) to fix that particular issue outweighed
the benefits for having it fixed within a time
--
Regards
Signer: Eddy Nigg, Founder
StartCom Ltd. <http://www.startcom.org>
XMPP: start...@startcom.org <xmpp:start...@startcom.org>
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.m
between the subject entities.
There were a couple of certificates which resulted in duplicate serials
- this could happen under certain circumstances, a bug that has been
fixed by now. We'll look into revoking and reissuing them.
--
Regards
Signer: Eddy Nigg, Founder
StartCom Ltd
would also be curious about why the certificate has not been logged to
CT, given StartCom's prior statements with regards to CT adoption.
We are checking it, it might have been logged at the wrong place. I'll
try to provide an answer on this too when possible.
--
Regards
Signer: Eddy Nigg
that a public incident report is
necessary, but should anything change in our current assessment we will
obviously act accordingly. I instructed additional verifications and
confirmations to assert that assessment.
--
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. <h
with smaller keys to be detected quickly and there
will be no incentive to use such keys for web sites (there are other
use-cases for non-browsers and those should be still permitted I guess).
--
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. http://www.startcom.org
XMPP: start
interesting
facts:
http://news.netcraft.com/archives/2014/04/25/heartbleed-why-arent-certificates-being-revoked.html
--
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. http://www.startcom.org
XMPP: start...@startcom.org xmpp:start...@startcom.org
Blog: Join the Revolution
On 04/10/2014 07:05 PM, Eddy Nigg wrote:
I agree - I've saw the tweets bug reports and this posting. I'll be glad
to join the discussion and we intend to take a public stance as soon as
things calm down a bit.
Currently all hell is lose, but I promise to get back to you all in due
time
which isn't even under our control are
revocations. And if it wouldn't be necessary to raise a fee for that we
wouldn't either.
--
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. http://www.startcom.org
XMPP: start...@startcom.org xmpp:start...@startcom.org
Blog: Join
exists between the two
parties and a CA can't audit another CA. For this the BR sets forth a
requirement for an independent audit by a (different) auditing firm than
the CA signer/issuer, in order to avoid any conflict of interests.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP:start
excludes the CA performing a (self) audit for the sub
ordinate CAs for example.
In respect to limiting issuance to a TLD, Mozilla might have to set a
criteria for it first. Being a national (local) CA could be such a criteria.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP:start
purposes you
outlined in your mail.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP:start...@startcom.org
Blog:http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
___
dev-security-policy mailing list
dev-security-policy
...if experience shows that it doesn't pay out to comply to
requirements, than why care next time?
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP:start...@startcom.org
Blog:http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
___
dev
still open meaning if no stapled OCSP response, use the normal
pointers and if that fails use CRL. Remove EV (and the secure UI
indicators if you want from any other certificate) when certificate
status can't be verified.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP:start
list before seeing this message. Indeed
this site has unsecured content at this page, the connection is
considered insecure in this case.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP:start...@startcom.org
Blog:http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
a difference in order to pull over other browser vendors to do the
same, which in turn would have put the pressure elsewhere (those that
provide stuff to embed with their sites).
IMO, mixed content breaks the security and concept entirely.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP
software and adherence by CAs would have to
be required by policy. I don't see that happening at the moment,
specially because the benefit is fairly small for the hassle.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP:start...@startcom.org
Blog:http://blog.startcom.org/
Twitter: http
by the CAs.
But as long that this is voluntarily and optionally for those
seeking/needing/wanting an added break, I think that's nice to have.
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. http://www.startcom.org
XMPP: start...@startcom.org xmpp:start...@startcom.org
Blog
the PSM module. And I
expect this to be easily solved.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP:start...@startcom.org
Blog:http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
___
dev-security mailing list
dev-security
Signer: Eddy Nigg, StartCom Ltd.
XMPP:start...@startcom.org
Blog:http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
___
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
On 02/09/2010 11:50 PM, David E. Ross:
On 2/6/2010 7:04 AM, Eddy Nigg wrote:
Isn't it about time that extensions and applications get signed with
verified code signing certificates? Adblock Plus is doing for a while
now I think, perhaps other should too?
Because this isn't really
: Eddy Nigg, StartCom Ltd.
XMPP:start...@startcom.org
Blog:http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
___
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP:start...@startcom.org
Blog:http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
___
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev
that.
And why not off-load at least some of that burden to proper identity
and/or organization validation? I would feel more comfortable if I knew
that the developer could be tracked to a legal identity in case of
intentional misuse.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP:start
every add-on? Maybe it's not such a
burden - and what about modifications of existing add-ons? Are they
reviewed too?
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP:start...@startcom.org
Blog:http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
On 02/06/2010 08:42 PM, Michael Lefevre:
On 06/02/2010 15:04, Eddy Nigg wrote:
Isn't it about time that extensions and applications get signed with
verified code signing certificates? Adblock Plus is doing for a while
now I think, perhaps other should too?
I don't know if more details
On 02/06/2010 10:58 PM, Jean-Marc Desperrier:
On 06/02/2010 19:47, Eddy Nigg wrote:
But I guess you would think twice to sign (malicious) code with your
name - any code for that matter.
How hard is it to sign it with a cert you bought with a stolen credit
card number, using the name from
against anyone can author an add-on and put it on
the web and have people use it...
As such, this is what code signing certificates really provide and
obviously I'd support that ;-)
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP:start...@startcom.org
Blog:http://blog.startcom.org
that it's mostly a server side issue and
not client side (e.g. the browser).
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP:start...@startcom.org
Blog:http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
___
dev-security mailing
practices for quite some time, it's a
candidate for the policy (or by proxy if it will be in the Basic SSL
Guidelines). Your contributions would be perceived very differently if
you would do as above. Simply say, that you think that we need to add to
the policy...
--
Regards
Signer: Eddy Nigg
.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP:start...@startcom.org
Blog:http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
___
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev
the filter to prevent this in the future.
8
Excellent! Thanks a lot for your effort!
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP:start...@startcom.org
Blog:http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
___
dev
the
certificate signing request *has registered the domain(s) referenced
in the certificate /or/ has been authorized by the domain registrant
to act on the registrant's behalf*;/
Here is the link to the policy:
http://www.mozilla.org/projects/security/certs/policy/
--
Regards
Signer: Eddy Nigg
On 11/04/2009 11:13 PM, Dave Miller:
Giganews says the original message got nailed as a binary post because
of the included base64-encoded SSL certificate.
Specially on these news groups this can happen from time to time. Is
this something which can be fixed?
--
Regards
Signer: Eddy
*
whatsoever and is pure snake oil. CAs which issue such certificates
deceive their customers and relying parties.
In this particular issue, the above doesn't apply since this was issued
to a non-existing domain name of a real TLD.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP:start
are already month after the alleged bug
happened, plenty of time to get the act together. I think this warrants
some actions, a review and renewed confirmation of compliance might be a
good thing to do in this case.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP:start...@startcom.org
with
their lag.
Having said that, CRLs depending on its size probably requires more
resources than an OCSP responder.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP:start...@startcom.org
Blog:http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
, by requiring OCSP by default.
Amen!
That CA clearly fell short of this requirement.
I don't think this CA issues EV certificates. Which is perhaps we one
can draw a difference also regarding regular certificates as well.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP:start
On 10/12/2009 04:11 PM, Rob Stradling:
On Monday 12 October 2009 14:46:28 Eddy Nigg wrote:
snip
That CA clearly fell short of this requirement.
I don't think this CA issues EV certificates.
Boris and I were referring to the GlobalSign EV cert for AMO.
Oh, I meant ipsCA
think despite some wrangling and shuffling, OCSP will be
a requirement for any CA pretty soon, the unified standard requirement
will make it easier for browser vendors to hard fail.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP:start...@startcom.org
Blog:http://blog.startcom.org
in a form (as the starting page should be really secured
too, not only the POST target)? Could there be indicators which makes
the user aware that this is not an SSL secured site (since regular http
doesn't throw neither a warning nor any other annoyance)?
--
Regards
Signer: Eddy Nigg, StartCom Ltd
On 03/04/2009 04:18 PM, Jean-Marc Desperrier:
Eddy Nigg wrote:
[...] When do we expect SSL? On submit or on
password fields in a form[...]
IF page contains form
AND form contains password field
THEN flash insecure form warning
Could be done. But there would better be a cross browser
suspicious combination's (as phishers would most likely start
avoiding the password tag altogether), it would be a useful indicator.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
___
dev-security
uncomfortable to click on a form without prior
knowing what to expect on submit (which CA or an exception). Specially
for the EV sites it would be useless to know about it only after hitting
submit.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https
for http sites ?
YEAH!
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
___
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
|
|| +-+
++-+
The URL part might be only optional or hide and reappear on mouse-over.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
Subject was [Fwd: Facebook message - Received Messages Quickly]
I've received it a few minutes ago. The URL doesn't us SSL, but it shows
exactly what I posted in this thread not long ago...see forwarded
message below:
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
couldn't be found either.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
___
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
a certain
responsibility and I'd like to see better verification procedures by CAs.
with regard to the attack. So it needs to be discussed on the security
group, not crypto.
It should be discussed in the new m.d.s.policy group IMO.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start
requirement for wild cards. I think and
believe that considering current business practices and fees charged for
wild cards it is reasonable to require at least identity validation -
similar to the same requirement for code signing.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start
), not on security I
think.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
___
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
There is another option which is suspected key compromise. It makes it
pretty clear...
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
___
dev-security mailing list
dev-security
code
signing of the add-ons...
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Blog: https://blog.startcom.org
___
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
).
The premise (and a not unreasonable one) is that such a list can be generated
if
needed.
I expect that Mozilla will not come up with the resources for it.
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog
Gervase Markham:
Eddy Nigg (StartCom Ltd.) wrote:
Oh, that would technically not be possible I guess. Searching for such
keys dynamically could take hours per key, hence previously created
keys are used. They would need to be hosted somewhere and compared to.
That's why Mozilla would
Gervase Markham:
Eddy Nigg (StartCom Ltd.) wrote:
Locally stored where exactly? Do you have an idea how big such a list
which would cover just the most commonly used key sizes would be?
Doesn't sound feasible to me, hence I thought you were talking about
some kind of lookup service
the certificate because of somebody detected a
weak key. I haven't encountered such a situation yet and doesn't make
much sense.
Suggestions?
Even if it doesn't sound so good, do nothing is the right thing to do I
think.
Regards
Signer: Eddy Nigg, StartCom Ltd. http
that
already.
I had no clue what other CAs decided in that respect and I offered our
estimates and decisions on this subject. That's not something
coordinated. I'm open to suggestions as always.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber
the cxv32.com domain already all over the
place? Tested with FF3 and FF2...
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
Eddy Nigg (StartCom Ltd.):
I just wonder why the h*** Google anti-phishing tool still allows me
to go to
http://comerica.connect.tmconnectweb.login.cgi.msg5984.time32491989.webbizcompany.c1b9r62whf314lx53xq.secureserv.onlineupdatemirror66272.comerica.certificateupdate.cxv32.com/logon.htm
,
since todays requirements and sites are mostly not static, but
dynamically assembled on the server side. In my opinion, the security
concept of the Mozilla browser(s) is not really usable... :-(
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber
Hi Gerv,
Gervase Markham wrote:
Eddy Nigg (StartCom Ltd.) wrote:
Or I could simply push the Backup button of the certificate viewer?
Except that in this very specific case, the copyright of the different
CA certificates are perhaps that of the CAs themselves. However
distribution
of the certdata.txt file can be
loaded at run-time as opposed at compile time, this problem could be
solved that way easily.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http
://www.verisign.com/repository/roots/pca_certificate.html
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
Hecker wrote:
Eddy Nigg (StartCom Ltd.) wrote:
So is the assumption correct, that if I or anybody else extracts the CA
certificates from certdata.txt and uses the result of it, isn't bound to
any licensing constraints, similar as the content of a web page which
the browser displays isn't
situation of loosing control.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
___
dev
Thanks for your answer!
Gervase Markham wrote:
Eddy Nigg (StartCom Ltd.) wrote:
Since sometimes there are some licensing concerns with the certdata.txt
file, I wanted to know exactly what one is allowed to do. If for example
by merely extracting the CA certificates with a tool like
know the answer, but try to help another project solve an
issue with this, which affects many other applications. Thanks!
[1]
http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber
;-)
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
___
dev-security mailing list
dev
of not being compliant
with the Mozilla CA policy.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
more edits, additions and changes. This would leave the
current CA policy mostly as is now and in the future.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http
configure a web server to accept ANY certificate for client
auth.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
present in client certs, of the competition and spam them for their
services...good thought ;-)
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone
Thanks for the tip! I didn't knew that...
Nelson B wrote:
Eddy Nigg (StartCom Ltd.) wrote:
Does anyone know what the issue might be when trying to build from
trunk? After checkout and building browser or mail static I'm getting:
gmake[6]: ../../../config/./nsinstall: Command not found
SSL connections (broken
lock) anyway. So perhaps the initial question of this thread is really
important and I suggest to require same certificate (or at least same
level) per site. It makes sense in my opinion...
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED
, the browser complains. Guess something
like that should happen here as well (i.e. downgrade).
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Phone: +1.213.341.0390
___
dev-security mailing list
dev-security
if something on the same
site is served by a different level then claimed originally.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Phone: +1.213.341.0390
___
dev-security mailing list
dev-security@lists.mozilla.org
? Obviously this is only important if a distinctions is
made between EV and others... ;-)
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Phone: +1.213.341.0390
Gervase Markham wrote:
As I'm not sure of the way the proposed implementation for EV indication
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Phone: +1.213.341.0390
___
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
Gervase Markham wrote:
Eddy Nigg (StartCom Ltd.) wrote:
Is there a way to have them commit to that in some way or form? And what
if they'll just say: Well, we looked at it and it's not possible after
you already voted in favor?
I think it's rather unlikely that they would say
Gervase Markham wrote:
Like everything, it's a trade-off - keeping revoked certificates in CRLs
has a cost (download time and bandwidth)
Sorry, I forgot to mention that a revoked certificate is worth about 30
bytes in a CRL. Just to get about the proportions
--
Regards
Signer: Eddy
and trying to open it up is obviously much harder and I congratulate you
for every success you achieve.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Phone: +1.213.341.0390
___
dev-security mailing list
dev-security
orientated
organization refrains from voting in favor of the EV guidelines!
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Phone: +1.213.341.0390
___
dev-security mailing list
dev-security@lists.mozilla.org
https
this is what it's all
about? Maybe they don't want non-microsoft - non-IE users to
participate? ;-)
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Phone: +1.213.341.0390
___
dev-security mailing list
dev
. It's a service that adds tremendous value for your
subscribers and all their users/customers. I wish more CAs did that.
Thank you for the flowers :-)
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Phone: +1.213.341.0390
not trust button is chosen.
How good that this certificate isn't trusted...which CA issues such a
certificatewww.microsoft.ipsos.com? I guess that the signer is a
fake Verisign certificate
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Phone
have a robot checking for missing ICA certificatesand
send an appropriate message to the subscriber...
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Phone: +1.213.341.0390
___
dev-security mailing list
dev
and should add the intermediate CA certificate to your server...Which
server software are you using?
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Phone: +1.213.341.0390
___
dev-security mailing list
dev-security
I'm replying now to my own mail, as I misunderstood the statement from
you...Of course this is not the correct answer to what you said
Eddy Nigg (StartCom Ltd.) wrote:
I can create a cert which claims to be a VeriSign Class 3 Secure Server
CA and sign my webserver's cert with it. If you
1 - 100 of 147 matches
Mail list logo