Let's Encrypt issues first cert

Surprisingly, this development has not been commented upon here: http://www.zdnet.com/article/lets-encrypt-issues-first-free-digital-certificate/ This happened 9 days ago, but I only found out about it today, in a random email from LinkedIn... Gerv ___

Re: Policy Update Proposal -- Remove Email Trust Bit

Yes, I think it should be kept. If some CA don't like this bit, then don't apply it, so simple. No necessary to remove it in NSS. Regards, Richard > On Sep 23, 2015, at 21:34, Adriano Santoni > wrote: > > There's one thing that I still do not understand. > >

Re: Policy Update Proposal -- Remove Email Trust Bit

+100, should keep. Regards, Richard > On Sep 23, 2015, at 06:12, Kathleen Wilson wrote: > > On 9/22/15 9:29 AM, Kathleen Wilson wrote: >>> >>> First, we need to determine if the Email trust bit should remain part of >>> Mozilla's CA Certificate Policy. >> >> To be

RE: Firefox security too strict (HSTS?)?

What is also fun is that they released it two weeks before Oracle released it's own patch for paid Java 6/7 customers, before which the 768-bit DHE was hardcoded. > Subject: Re: Firefox security too strict (HSTS?)? > From: k...@caspia.com > Date: Wed, 23

Re: Firefox security too strict (HSTS?)?

On 9/16/2015 3:01 PM, AnilG wrote: Yes, I agree. From my limited perspective and knowledge I trust you as an authority that that's probably completely correct. But that's not the issue. I've got a concern that security management in Firefox is too hard for enterprise and may additionally have

Re: Firefox security too strict (HSTS?)?

On Wed, Sep 23, 2015 at 3:17 PM, R Kent James wrote: > On 9/23/2015 1:57 PM, Eric Mill wrote: > >> I'd phrase it instead as: what can be done to educate people responsible >> for deploying/buying enterprise software deployment that a rapid update >> path for all

Re: Firefox security too strict (HSTS?)?

On 9/23/2015 1:57 PM, Eric Mill wrote: I'd phrase it instead as: what can be done to educate people responsible for deploying/buying enterprise software deployment that a rapid update path for all software/protocols/ciphers/certificates is a critical prerequisite for performing their job

Re: Firefox security too strict (HSTS?)?

Except in both of these cases -- removing TLS fallback to v1.0, and raising DH parameter minimums -- Chrome joined Firefox in doing so. Firefox went out first, and so that was the first impression people got, but Chrome's policies are no less strict. In at least some enterprises, "everyone use IE"

Re: Firefox security too strict (HSTS?)?

On Wed, Sep 23, 2015 at 2:55 PM, R Kent James wrote: > On 9/23/2015 1:25 PM, Eric Mill wrote: > >> Except in both of these cases -- removing TLS fallback to v1.0, and >> raising >> DH parameter minimums -- Chrome joined Firefox in doing so. Firefox went >> out first, and so that

Re: Policy Update Proposal -- Remove Email Trust Bit

On 23/9/2015 3:46 πμ, Ryan Sleevi wrote: On Tue, September 22, 2015 3:13 pm, Kathleen Wilson wrote: == Arguments against removing the Email trust bit == Based on the information I currently have, and the discussion so far, I think we should keep the Email trust bit. For a future

Re: Policy Update Proposal -- Remove Email Trust Bit

If this is a wakeup call to the S/MIME community that they need to demonstrate enough organization and interest to create the same level of reliability that browsers did for HTTPS, can anyone lay out what the steps to doing that would look like so the S/MIME community can react in more concrete

Re: Firefox security too strict (HSTS?)?

On 9/23/2015 1:25 PM, Eric Mill wrote: Except in both of these cases -- removing TLS fallback to v1.0, and raising DH parameter minimums -- Chrome joined Firefox in doing so. Firefox went out first, and so that was the first impression people got, but Chrome's policies are no less strict. In at

Re: Firefox security too strict (HSTS?)?

How happy am I that R Kent James finally recognises my issue? After more than 30 posts we're finally talking about it. Does the resistance showing here indicate the cultural problem that R Kent James refers to? I don't know if I'm reading these posts right but, kindly: Michael Stroder: "within