Related but not exactly on point:
==
The rogue certificate found by Google was issued by the DigiNotar Public
CA 2025. The serial number of the certificate was, however, not found in
the CA system's records. This leads to the conclusion that it is unknown
how many certificates were
On 26/11/2009 15:35, Gervase Markham wrote:
On 25/11/09 18:47, Kálmán „KAMI” Szalai wrote:
Today, one of the leading IT portals published an article about Firefox with
this title: Firefox is not safety because of its extensions.
That's like saying Windows is not safe because of applications.
On 04/11/2009 20:43, Paul van Brouwershaven wrote:
Florian Weimer schreef:
By the way, how did you obtain a copy of the certificate?
The certificate owner wanted the same certificate from another CA because this
certificate has very limited browser compatibility. (read support for mobile
On 13/10/2009 18:23, Johnathan Nightingale wrote:
On 13-Oct-09, at 2:04 AM, Rob Stradling wrote:
An alternate approach I'd like to lobby our front-end guys on would be
to put up a scary red bar when we can't validate OCSP.
I think that your suggestion strikes a good balance between security
On 14/10/2009 02:04, Daniel Veditz wrote:
On 10/13/09 9:23 AM, Johnathan Nightingale wrote:
The temptation to attach UI to this problem sets off
blame the user alarms for me - do we think that users will make better
decisions with this information? Like I say, I don't think we're at
WONTFIX on
On 12/10/2009 12:13, Rob Stradling wrote:
On Saturday 10 October 2009 16:05:32 Boris Zbarsky wrote:
Some of them can handle something on the order of
1-2 OCSP requests per second, last it was tested (when AMO ended up down
because the CA couldn't handle the OCSP requests for it).
The EV
On 12/10/2009 13:46, Rob Stradling wrote:
On Monday 12 October 2009 12:12:22 Ian G wrote:
On 12/10/2009 12:13, Rob Stradling wrote:
snip
That CA clearly fell short of this requirement.
It is ... surely a thing of customer-- CA relationship. If there are
insufficient resources
On 12/10/2009 21:33, Adam Barth wrote:
On Mon, Oct 12, 2009 at 8:29 AM, Daniel Veditz <dved...@mozilla.com> wrote:
An alternate approach I'd like to lobby our front-end guys on would be to
put up a scary red bar when we can't validate OCSP.
Chrome puts up a yellow bar in this case. I see this
Do people think this is a fair view?:
http://www.economist.com/displaystory.cfm?story_id=13395407CFID=1252820CFTOKEN=16999516
Tech.view
Browser wars are back
Mar 27th 2009
From Economist.com
This time the battle is over security rather than features
THE good news is that the latest version
Guys,
is there a page in wiki/CA: where we can collect points of discussion
for a future review of the policy? The problem being of course that we
have long discussions, reach some conclusions, but do not record those
conclusions as reminders to change the policy.
Excellent, OK, so I went here:
https://lists.mozilla.org/listinfo/dev-security
and subscribed. I guess it is up to each person to do that.
Now, the list charter! As a starting point:
==
a. Discussion on security policy, governance, directions and
architecture in common
On 5/2/09 03:23, Kyle Hamilton wrote:
There are two states in the NIST key state transition diagram that are
appropriate to this entire concept... compromised (state entered
when the private information associated with it -- i.e., the private
key and its passphrase, and has only one possible
Whoops! Apparently I'm on the wrong list ... So what is the charter
for this dev-security list? Ignore all the below, it is for the
dev-security-policy list, or treat it as an advertisement for that list.
iang
On 5/2/09 14:14, Ian G wrote:
Excellent, OK, so I went here:
https
Some comments.
Heikki Toivonen wrote:
Some people have pushed for making SSL errors such that you cannot just
click OK and proceed to the site. I'd like to see that happen. The thing
that seems to be holding this back is the fear of misconfigured sites
becoming inaccessible. In any case,