Re: Mozilla not compliant with RFC 5280

2013-11-13 Thread Kathleen Wilson
On 11/12/13 11:31 AM, fhw...@gmail.com wrote: There are a couple good points here, starting with hard-fail. Why is it not already turned on by default? What is the argument against it? OCSP responders are not yet reliable enough for us to do hard fail. This is old news: http://news.netcraft.c

Re: WoSign Root Inclusion Request

2013-11-13 Thread Kathleen Wilson
On 11/13/13 4:48 AM, wos...@gmail.com wrote: Many thanks for Mr Erwann Abalea’s comments. I am very sorry that we didn’t update the related document in Mozilla bugzilla in time. My company changed the company name from “WoSign eCommerce Services Limited” to “WoSign CA Limited” on Sept 10th, so we

Re: Microsoft deprecating SHA-1 certs by 2016

2013-11-13 Thread Jean-Marc Desperrier
Phillip Hallam-Baker wrote: also likely to brick a large number of cell phones as far as online commerce goes. Which smart phone OS would you expect not to support sha-256? It's likely that any that doesn't 3 years from now will have enough security holes that it'd not be very reasonable

Re: Microsoft deprecating SHA-1 certs by 2016

2013-11-13 Thread Phillip Hallam-Baker
On Wed, Nov 13, 2013 at 6:37 AM, Jan Schejbal wrote: > On 2013-11-13 13:47, Gervase Markham wrote: > > We could update our program requirements to be identical to theirs, but > > the effect on actual CA operations would be fairly small, I fancy - > > because they are all doing it anyway. Is that

Re: Microsoft deprecating SHA-1 certs by 2016

2013-11-13 Thread Jan Schejbal
On 2013-11-13 13:47, Gervase Markham wrote: > We could update our program requirements to be identical to theirs, but > the effect on actual CA operations would be fairly small, I fancy - > because they are all doing it anyway. Is that what you are suggesting, > or something else? Wouldn't it ma

Re: WoSign Root Inclusion Request

2013-11-13 Thread wosign
Many thanks for Mr Erwann Abalea’s comments. I am very sorry that we didn’t update the related document in Mozilla bugzilla in time. My company changed the company name from “WoSign eCommerce Services Limited” to “WoSign CA Limited” on Sept 10th, so we resigned CA1 and CA2 on Sep. 14th and setup th

Re: Microsoft deprecating SHA-1 certs by 2016

2013-11-13 Thread Gervase Markham
On 12/11/13 23:20, Daniel Veditz wrote: > This is a bandwagon we ought to hop on. See > https://technet.microsoft.com/en-us/security/advisory/2880823 Microsoft were kind enough to make us aware of this move in advance. We are certainly supportive. Here's one bit of hopping: http://blog.gerv.net/2