Re: Remediation Plan for WoSign and StartCom

2016-10-19 Thread Kathleen Wilson
On Wednesday, October 19, 2016 at 3:13:50 PM UTC-7, okaphone.e...@gmail.com wrote:
> Perhaps "haste" is not what you want here. How about "urgency"?
>
Yep. Changed in the wiki page. Thanks, Kathleen ___ dev-security-policy mailing list dev-security-p

Re: Remediation Plan for WoSign and StartCom

2016-10-19 Thread okaphone . elektronika
Perhaps "haste" is not what you want here. How about "urgency"?

CU Hans

___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy

Re: Remediation Plan for WoSign and StartCom

2016-10-19 Thread Kathleen Wilson
On Wednesday, October 19, 2016 at 11:50:55 AM UTC-7, Gervase Markham wrote:
>
> Today at the CAB Forum I outlined some of Mozilla's thinking on how we rate the severity of incidents. It might be helpful to reproduce that here. This is what I said:
>
Thanks, Gerv! I added that text to the wi

Re: Guang Dong Certificate Authority (GDCA) root inclusion request

2016-10-19 Thread Andrew R. Whalley
Hello, Thank you for the links. I note, however, that there's at least one difference between the native language version and the English translation: http://www.gdca.com.cn/cps/cps version 4.3 has a section 4.2.4 covering CAA. https://bug1128392.bmoattachments.org/attachment.cgi?id=8795091 vers

Re: Remediation Plan for WoSign and StartCom

2016-10-19 Thread Gervase Markham
On 19/10/16 11:35, longol...@gmail.com wrote:
> Hey Kathleen, hey list,
>
> I really don't get why Mozilla is pushing so hard on the Chinese and at the same time let others get away. For example the Comodo case from today. Isn't that a much worse incident than what has happened here.
Today

Re: Remediation Plan for WoSign and StartCom

2016-10-19 Thread longolius
Hey Kathleen, hey list,

I really don't get why Mozilla is pushing so hard on the Chinese and at the same time let others get away. For example the Comodo case from today. Isn't that a much worse incident than what has happened here? People were able to issue certs for other people's domains. When

Re: Remediation Plan for WoSign and StartCom

2016-10-19 Thread Tom Ritter
On Oct 19, 2016 11:51 AM, "Ryan Hurst" wrote:
>
> > Because we're talking about a CA which used their private keys to get around baseline requirements/prohibitions by backdating, I would not be comfortable trusting them with operating a log where they could do the same thing. The addit

Re: Incident Report - OCR

2016-10-19 Thread Daniel McCarney
Hi Robin,

> Comodo is performing a thorough review of all server certificates issued by Comodo between those dates for domains on the .be and .eu TLDs which used the domain control validation method described in 3.2.2.4.2 of the BRs.

Can you elaborate on how this review is being performed?

Re: Remediation Plan for WoSign and StartCom

2016-10-19 Thread Ryan Hurst
> Because we're talking about a CA which used their private keys to get around baseline requirements/prohibitions by backdating, I would not be comfortable trusting them with operating a log where they could do the same thing. The addition of the Google log prevents this to some degree. So

Re: Remediation Plan for WoSign and StartCom

2016-10-19 Thread Ryan Hurst
On Wednesday, October 19, 2016 at 12:58:49 AM UTC-7, Kurt Roeckx wrote:
> I at least have some concerns about the current gossip draft and talked a little to dkg about this. I should probably bring this up on the trans list.
>
Please do, we would like to see this brought to closure soon and

Incident Report - OCR

2016-10-19 Thread Robin Alden
SUMMARY: Comodo was informed by security researchers Florian Heinz and Martin Kluge that on 23rd September 2016 they had been able to obtain a server authentication certificate [1] from Comodo for a domain which they did not own or control. The researchers shared their discovery with Comodo and t

Re: Remediation Plan for WoSign and StartCom

2016-10-19 Thread Tom Ritter
On 19 October 2016 at 02:58, Kurt Roeckx wrote:
> On 2016-10-19 01:37, Rob Stradling wrote:
>>
>> On 18/10/16 23:49, Gervase Markham wrote:
>>>
>>> On 18/10/16 15:42, Ryan Hurst wrote:
>>>> I do not understand the desire to require StartCom / WoSign to not utilize their own logs as part

Re: StartCom & Qihoo Incidents

2016-10-19 Thread Michael Ströder
Peter Gutmann wrote:
> Ryan Sleevi writes:
>
>> What is the goal of the root program? Should there be a higher bar for removing CAs than adding them? Does trust increase or decrease over time?
>
> Another thing I'd like to bring up is the absolute silence of the CAB forum over all this. Ap

Re: Remediation Plan for WoSign and StartCom

2016-10-19 Thread Kurt Roeckx
On 2016-10-19 01:37, Rob Stradling wrote:
> On 18/10/16 23:49, Gervase Markham wrote:
>> On 18/10/16 15:42, Ryan Hurst wrote:
>>> I do not understand the desire to require StartCom / WoSign to not utilize their own logs as part of the associated quorum policy. My original logic was that it could be se