In your rush to judgment you arrived at the wrong conclusions, Ryan. No problem, though, as I'll recap my points in a bit. But first:The cert in question has as its root the utn-userfirst-hardware certificate. That appears to be a 2048-bit cert. If the wildcard cert should not have been issued
I should have included the dates. Validity period is November 2010 to 2015. Anyone at Comodo care to comment?
On Tue, August 26, 2014 8:09 am, fhw...@gmail.com wrote:
In your rush to judgment you arrived at the wrong conclusions, Ryan.
No, I really just disagree with you.
No
problem, though, as I'll recap my points in a bit. But first:
The cert in question has as its root the
On 8/20/14, 2:03 PM, Peter Bowen wrote:
On Wed, Aug 20, 2014 at 1:55 PM, fhw...@gmail.com wrote:
I've encountered a wildcard end-entity certificate on a live server that chains
directly to the root cert. There is no intermediate certificate and the root is
in the Mozilla trust store.
I
On Tue, Aug 26, 2014 at 11:35 AM, Kathleen Wilson kwil...@mozilla.com wrote:
I am running into a problem with BR audit statements that list details about
issues that have been found.
https://wiki.mozilla.org/CA:CertificatePolicyV2.1#Baseline_Requirements
...The first BR audit for each CA and
On 8/26/14, 12:10 PM, Peter Bowen wrote:
Could you publish a list of BR section numbers which one or more CA is
saying they do not yet comply with, not including any CA names? That
would help determine the scope of the request and provide some
guidance on the possible impact of the
On 8/26/14, 1:14 PM, Chris Palmer wrote:
On Tue, Aug 26, 2014 at 1:09 PM, Kathleen Wilson kwil...@mozilla.com wrote:
BR 9.5 – 1024-bit certs with validity beyond 2013 (in order to support
legacy customer apps)
BR 13.2.6 - OCSP giving status “good” for unknown serial numbers.
BR 16.5 -
On 8/26/14, 1:42 PM, Chris Palmer wrote:
If CAs can't meet the baseline requirements that they themselves
helped set, and prove so to the public, perhaps the current situation
is the end of the road.
Sigh. It'll get better. I can see in those audit statements that the
issues either were
On Tue, Aug 26, 2014 at 1:24 PM, Kathleen Wilson kwil...@mozilla.com wrote:
On Tue, Aug 26, 2014 at 1:09 PM, Kathleen Wilson kwil...@mozilla.com wrote:
BR 9.5 – 1024-bit certs with validity beyond 2013 (in order to support
legacy customer apps)
BR 13.2.6 - OCSP giving status “good” for
On 8/21/14, 8:59 AM, Kathleen Wilson wrote:
On 8/20/14, 5:30 PM, kirk_h...@trendmicro.com wrote:
Sorry for this late response, but Peter Bowen's post below in subpart
2) is exactly correct - FF needs to accept PITRAs from new CA roots,
or else you will never have any new CA roots.
I updated
Hi Kathleen,
My take on this is that any information that is relevant to a CA's
conformance (or lack thereof) with the BRs (or any other part of Mozilla's
inclusion criteria) needs to be disclosed to those who are passing judgment
on the suitability of the CA for inclusion in the Mozilla trust
On Tue, Aug 26, 2014 at 5:18 PM, Matt Palmer mpal...@hezmatt.org wrote:
On an unrelated point, I'd like to thank you, Kathleen, for the work you do
in this area. Going over the minutiae of audit reports can't be a
particularly fun job, but it *is* a very necessary one, so thanks for being
12 matches
Mail list logo