Re: Sanctions short of distrust

On Tuesday, September 13, 2016 at 8:19:03 AM UTC-7, Ryan Sleevi wrote: > On Tuesday, September 13, 2016 at 7:56:20 AM UTC-7, Peter Bowen wrote: > > I would be careful reading too much into server names. > > mail.[example.com] might host web based email access. For example, > > I'm typing this

Re: Guang Dong Certificate Authority (GDCA) root inclusion request

On Wednesday, August 3, 2016 at 2:45:23 PM UTC-7, Kathleen Wilson wrote: > This request from Guangdong Certificate Authority (GDCA) is to include the > "GDCA TrustAUTH R5 ROOT" certificate, turn on the Websites trust bit, and > enabled EV treatment. > > GDCA is a nationally recognized CA that

Taiwan GRCA Root Renewal Request

This request from Government of Taiwan, Government Root Certification Authority (GRCA), is to include their Government Root Certification Authority root certificate, and turn on the Websites and Email trust bits. This root cert will eventually replace the previous GRCA root certificate that was

Re: Second Discussion of LuxTrust Root Inclusion Request

On Thursday, September 8, 2016 at 9:07:33 AM UTC-7, Kathleen Wilson wrote: > Does anyone have comments, questions, or concerns about this request from > LuxTrust to include the "LuxTrust Global Root 2" certificate, turn on the > Websites trust bit, and enable EV treatment? > > If not, I will

Re: Ambiguous wording or the Mozilla CA security reporting requirement

Added to the list here: https://wiki.mozilla.org/CA:CertificatePolicyV2.3#Accountability And, yes, I am fully aware that a policy update is way overdue. :-( Thanks, Kathleen ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org

Is Firefox SHA-1 Deprecation Policy configurable?

Working with a client on "workarounds" for avoiding SHA-1 deprecation on a system they are woefully behind on updating for SHA-256 compatible. They asked/stated that Chrome & probably Firefox were "configurable" in regards to shutting out the trust for SHA-1 SSL/TLS certs. I'm skeptical as I

Re: Incidents involving the CA WoSign

Thank you very much for helping us. For SM2 algorithm, this is out of this thread, I can discuss with you off list. Regards, Richard > On Sep 16, 2016, at 22:32, Vincent Lynch wrote: > >> On Friday, September 16, 2016 at 6:07:56 AM UTC-4, Richard Wang wrote: >> Hi Gerv, >>

Re: Incidents involving the CA WoSign

Please read the report carefully that it is NOT the validation system is hijacked. Regards, Richard > On Sep 16, 2016, at 21:31, Han Yuwei wrote: > > 在 2016年9月16日星期五 UTC+8下午6:07:56，Richard Wang写道： >> Hi Gerv, >> >> This is the final report: >>

Re: Incidents involving the CA WoSign

On Friday, September 16, 2016 at 6:07:56 AM UTC-4, Richard Wang wrote: > Hi Gerv, > > This is the final report: > https://www.wosign.com/report/WoSign_Incident_Final_Report_09162016.pdf > > Please let me if you have any questions about the report, thanks. > > > Best Regards, > > Richard

Re: Incidents involving the CA WoSign

在 2016年9月16日星期五 UTC+8下午6:07:56，Richard Wang写道： > Hi Gerv, > > This is the final report: > https://www.wosign.com/report/WoSign_Incident_Final_Report_09162016.pdf > > Please let me if you have any questions about the report, thanks. > > > Best Regards, > > Richard Wang > CEO > WoSign CA

RE: Incidents involving the CA WoSign

Hi Gerv, This is the final report: https://www.wosign.com/report/WoSign_Incident_Final_Report_09162016.pdf Please let me if you have any questions about the report, thanks. Best Regards, Richard Wang CEO WoSign CA Limited -Original Message- From: Gervase Markham Sent: Wednesday,