It would be useful to try out some of these
ideas in a Firefox add-on. But it seems that although
Mozilla supports three add-on APIs (XPI, Jetpack, and
a subset of Google Web Extensions), none of them allow
reading the certificate of the current page.
That's a lack. It prevents writing
On Thu, Sep 08, 2016 at 09:44:04AM -0700, Ryan Sleevi wrote:
> On Thursday, September 8, 2016 at 4:09:25 AM UTC-7, Rob Stradling wrote:
> > > 1. Enforce CT only after a certain date, after which WoSign will need
> > > to embed qualified SCTs. This check can be bypassed if the CA
> > >
On 07/09/2016 16:01, Thijs Alkemade wrote:
On 07 Sep 2016, at 14:52, Rob Stradling wrote:
On 06/09/16 19:12, Thijs Alkemade wrote:
Hello,
We obtained 2 certificates from the StartEncrypt API which had SHA-1 signatures
and which were backdated to December 20,
On Thursday, August 25, 2016 at 2:37:43 PM UTC-7, Kathleen Wilson wrote:
> Does anyone else have questions, comments, or concerns about this request?
> If not, then I will proceed with recommending approval.
Thanks again to those of you who participated in this discussion about Amazon
Trust
On Thursday, September 8, 2016 at 9:00:15 AM UTC-7, Stephen Schrauger wrote:
> It proves you control the web server that runs under the domain. Which is
> more or less all that you need to prove, since a TLS certificate is designed
> for web security.
>
> If you don't control DNS, but you
On Thursday, September 8, 2016 at 4:09:25 AM UTC-7, Rob Stradling wrote:
> > 1. Enforce CT only after a certain date, after which WoSign will need
> > to embed qualified SCTs. This check can be bypassed if the CA
> > backdates certificates (which is problematic, given the history of
> >
Your top 10 or top 5 is not same as my top 10 or top 5.
BTW,
Dangdang.com is using our certificate:
https://www.ssllabs.com/ssltest/analyze.html?d=login.dangdang.com
Some is also using our certificate that you don't know.
Regards,
Richard
> On 8 Sep 2016, at 23:59, Ming
On Thursday, August 4, 2016 at 10:51:58 AM UTC-7, Kathleen Wilson wrote:
>
> The CA has resolved the questions and concerns raised during the first
> discussion, and has provided an updated root certificate with corresponding
> updated documentation and audit statement.
>
> Please review this
On Wed, 7 Sep 2016 03:55:02 -0700 (PDT), Nick Lamb wrote:
> If you DIY, the rate limits obviously aren't a problem, and lots of DIY
> devices have Let's Encrypt issued certificates today. Home "routers" built
> out of a Raspberry Pi or a Mini PC are fairly popular with hobbyists. So rate
>
在 2016年9月7日星期三 UTC+8下午6:08:33,Richard Wang写道:
> Hi Gerv, Kathleen and Richard,
>
> This discuss has been lasting two weeks, I think it is time to end it, it
> doesn’t worth to waste everybody’s precious time.
> I make my confession that our system and management do have some problems
> which
On Wednesday, September 7, 2016 at 7:00:54 AM UTC-4, Gervase Markham wrote:
> Hi Richard,
>
> On 07/09/16 11:06, Richard Wang wrote:
> > This discuss has been lasting two weeks, I think it is time to end
> > it, it doesn’t worth to waste everybody’s precious time.
>
> Unfortunately, I think we
Regarding the specific file verification method:
It proves you control the web server that runs under the domain. Which is more
or less all that you need to prove, since a TLS certificate is designed for web
security.
If you don't control DNS, but you do control the web server, you
On 08/09/16 14:21, Rob Stradling wrote:
> Hi Gerv. mailman adds this footer to each message:
Only on the mailing list version of each message. So I, for example, who
read via NNTP, don't see them. Nevertheless, this is better than
nothing, so I've emailed the list moderators to ask them to make
On 08/09/16 14:13, Gervase Markham wrote:
> On 07/09/16 00:17, Kirk Hall wrote:
>> Great idea, Gerv. Question: How will we remember how/where to find the
>> list? (I never remember.)
>
> Sorry, I don't have a good solution to that :-) I will try and remember
> to post it occasionally, and
On 07/09/16 00:17, Kirk Hall wrote:
> Great idea, Gerv. Question: How will we remember how/where to find the list?
> (I never remember.)
Sorry, I don't have a good solution to that :-) I will try and remember
to post it occasionally, and whenever a big discussion starts. Others
may wish to get
On 08/09/16 11:39, Rob Stradling wrote:
> Consider https://crt.sh/?id=30629293, for example. Are you really
> suggesting that this was issued on 2nd September 2016 but backdated to
> 20th December 2015?
For simplicity, I've removed this section from Issue S. I think the
evidence related there
On 02/09/16 21:04, Patrick Figel wrote:
> I believe there are two possible solutions if CT enforcement is what the
> community decides on:
>
> 1. Enforce CT only after a certain date, after which WoSign will need
> to embed qualified SCTs. This check can be bypassed if the CA
>
On 07/09/16 17:02, Gervase Markham wrote:
> On 07/09/16 13:52, Rob Stradling wrote:
>> Hi Thijs. I agree that this pattern is interesting (and it'd be nice to
>> see an explanation), but I'm not convinced that it proves everything you
>> think it proves.
>
> Hi Rob,
>
> My digest of Thijs's
18 matches
Mail list logo