Re: Time to distrust

Gijs Kruitbosch writes: >(Some) People who "do" Firefox UI read this group. If you have concrete/ >constructive suggestions, please file bugs or write to more topical mailing >lists - especially if you think there are things we should do "frontend"- >wise to improve

Re: Updating Production Common CA Database

On Tuesday, September 27, 2016 at 3:12:20 AM UTC-7, Rob Stradling wrote: > How about "CA Fingerprint"? > > Peter's "CA ID" suggestion is definitely better than "Certificate ID". > However, since crt.sh already has an integer "CA ID" field, I'd prefer > to call this Salesforce field "CA

Re: Second Discussion of LuxTrust Root Inclusion Request

On Thursday, August 4, 2016 at 10:51:58 AM UTC-7, Kathleen Wilson wrote: > On Wednesday, March 23, 2016 at 2:08:19 PM UTC-7, Kathleen Wilson wrote: > > On 12/17/15 5:34 PM, Kathleen Wilson wrote: > > > The first discussion of LuxTrust's root inclusion request was here: > > >

Re: Re: WoSign and StartCom

FYI-Tyro is not the company referenced on the CA/B Forum agenda.Dean CoclinCA/B Forum Chair   On 09/28/16, Nick Lamb wrote: On Wednesday, 28 September 2016 18:33:07 UTC+1, Percy wrote:> I'm assuming WoSign/StartCom pressured Tyro to remove the blog post. WoSign/StartCom has

Re: WoSign and StartCom

On Wednesday, 28 September 2016 18:33:07 UTC+1, Percy wrote: > I'm assuming WoSign/StartCom pressured Tyro to remove the blog post. > WoSign/StartCom has previously publicly threatened legal actions over the > secret purchase. I would say it's just as likely that Tyro's executives decided

Re: WoSign and StartCom

On Wednesday, September 28, 2016 at 12:16:51 AM UTC-7, Peter Gutmann wrote: > Percy writes: > >On Tuesday, September 27, 2016 at 2:15:38 AM UTC-7, Gervase Markham wrote: > >> Participants may be interested in this blog post from Tyro: > >>

Re: WoSign and StartCom

On 28/09/16 12:23, Nick Lamb wrote: > On Tuesday, 27 September 2016 10:15:38 UTC+1, Gervase Markham wrote: >> https://tyro.com/blog/merchant-security-is-tyros-priority/ > > This site reproduces what I guess is an email from Tyro (can't find similar > text on their website) that suggests very

Re: WoSign and StartCom

On 28/09/16 12:23, Nick Lamb wrote: > This site reproduces what I guess is an email from Tyro (can't find > similar text on their website) that suggests very strongly they > weren't prepared for SHA-1 deprecation at all and hadn't previously > even notified their customers of the necessary

Re: WoSign and StartCom

On Tuesday, 27 September 2016 10:15:38 UTC+1, Gervase Markham wrote: > https://tyro.com/blog/merchant-security-is-tyros-priority/ This site reproduces what I guess is an email from Tyro (can't find similar text on their website) that suggests very strongly they weren't prepared for SHA-1

Re: WoSign and StartCom

> On Sep 28, 2016, at 3:16 AM, Peter Gutmann wrote: > > Did anyone keep a copy of that post? Looks like they took it down pretty > quickly, possibly in response to the above. Thankfully it was still in Bing’s cache (thanks to Ryan Hurst for reminding me to check

Re: WoSign and StartCom

One question, Since WoSign and StartCom have certification which is cross signed by Certum CA(https://wiki.mozilla.org/CA:WoSign_Issues#Cross_Signing), does that mean browser will still trust any certification signed by "Certification Authority of WoSign G2" if the website owner sends a

Re: WoSign and StartCom

Percy writes: >On Tuesday, September 27, 2016 at 2:15:38 AM UTC-7, Gervase Markham wrote: >> Participants may be interested in this blog post from Tyro: >> https://tyro.com/blog/merchant-security-is-tyros-priority/ > >So this is almost proof that WoSign/StartCom has been