We know how to do in the future, and believe me we will do this better.
Best Regards,
Richard
-Original Message-
From: dev-security-policy
[mailto:dev-security-policy-bounces+richard=wosign@lists.mozilla.org] On
Behalf Of Matt Palmer
Sent: Friday, August 26, 2016 10:03 AM
To: dev-
Yes, sorry for this.
As I admitted that this discussion gives us a big lesson that we know when we
need to report incident to all browsers. We guarantee we will do it better.
Best Regards,
Richard
-Original Message-
From: dev-security-policy
[mailto:dev-security-policy-bounces+richar
See below inline, thanks
Best Regards,
Richard
-Original Message-
From: dev-security-policy
[mailto:dev-security-policy-bounces+richard=wosign@lists.mozilla.org] On
Behalf Of Matt Palmer
Sent: Friday, August 26, 2016 7:35 AM
To: dev-security-policy@lists.mozilla.org
Subject: Re: I
See below inline, thanks.
Best Regards,
Richard
-Original Message-
From: dev-security-policy
[mailto:dev-security-policy-bounces+richard=wosign@lists.mozilla.org] On
Behalf Of Ryan Sleevi
Sent: Friday, August 26, 2016 3:10 AM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subjec
On Thu, Aug 25, 2016 at 05:15:58PM -0700, Ryan Sleevi wrote:
> On Thursday, August 25, 2016 at 4:35:39 PM UTC-7, Matt Palmer wrote:
> > I'm after the specifics of the changes to WoSign's policies and procedures
> > regarding *notification*, not quality control. What were WoSign's previous
> > poli
On Thursday, August 25, 2016 at 4:35:39 PM UTC-7, Matt Palmer wrote:
> I'm after the specifics of the changes to WoSign's policies and procedures
> regarding *notification*, not quality control. What were WoSign's previous
> policies and procedures regarding notification (obviously there was
> som
On Thu, Aug 25, 2016 at 07:11:18AM +, Richard Wang wrote:
> We can post all 2015 issued SSL certificate to CT log server if necessary.
That doesn't provide any assurance, in the face of misleading notBefore
values in certificates. Without strong assurances that whatever failure of
systems or
An updated version of the signed Certificate Manager Add-on is available here:
https://addons.mozilla.org/en-US/firefox/addon/certificate-manager/
The uninstall bug has been fixed.
https://github.com/sidstamm/FirefoxCertificateManager/issues/39
The CA Information that it pulls from the CA Commun
> This request from Amazon is to enable EV treatment for the
> currently-included “Starfield Services Root Certificate
> Authority - G2 certificate, and to include the following 4 new root
> certificates, turn on the Email and Websites trust bits for them,
> and enable EV treatment for all of th
Okay, thanks for your information.
Also note that there is a difference to StartResell. On their hompage
(https://startssl.com/NewsDetails?date=20160530) they also state, that
resellers have their own intermediate certificate.
However there they seem to do the verification by themself and "charg
On Thursday, August 11, 2016 at 4:36:02 PM UTC-7, Kathleen Wilson wrote:
> >> FNMT has applied to include the “AC RAIZ FNMT-RCM” root certificate
> >> and enable the Websites trust bit.
> >>
> >> Fábrica Nacional de Moneda y Timbre (FNMT) is a government agency
> >> that provides services to Spa
> This request by the Government of Japan, Ministry of Internal
> Affairs and Communications, is to include the GPKI 'ApplicationCA2 Root'
> certificate and enable the Websites trust bit. This new root certificate
> has been created in order to comply with the Baseline Requirements, and
> will
On Thursday, August 25, 2016 at 10:11:21 AM UTC-7, rugk wrote:
> Hi,
> I stumbled across this service by StartCom:
> https://startssl.com/StartPKI (archive link: https://archive.is/GRkAK)
> I got a bit afraid when looking at their nice screenshots
> (https://archive.is/GRkAK#75%), because they of
On Thursday, August 25, 2016 at 12:14:10 AM UTC-7, Richard Wang wrote:
> We can post all 2015 issued SSL certificate to CT log server if necessary.
Is there any reason not to do that proactively?
> For BR auditor, I think this issue is too technical that fewer auditor can
> find out this problem
Hi,
I stumbled across this service by StartCom:
https://startssl.com/StartPKI (archive link: https://archive.is/GRkAK)
I got a bit afraid when looking at their nice screenshots
(https://archive.is/GRkAK#75%), because they offer intermediate
certificates for companies allowing them to issue cert
Thanks for your friendly reminder.
We can post all 2015 issued SSL certificate to CT log server if necessary.
For BR auditor, I think this issue is too technical that fewer auditor can find
out this problem.
We will add the quality control system to PKI system before issuing the
certificate, a
16 matches
Mail list logo