Re: StartCom & Qihoo Incidents

2016-10-22 Thread Peter Gutmann
Peter Bowen writes: >I think you found the "wrong" True Thrive Limited. Ah, thanks. >This appears to just be a name collision. Naming is hard :( Actually if you think that's tough, try figuring out who the real Midco is... Peter.

Re: StartCom & Qihoo Incidents

2016-10-22 Thread Peter Bowen
On Sat, Oct 22, 2016 at 9:08 PM, Peter Gutmann wrote: > popcorn writes: > >>There were comments admonishing StartCom and WoSign for not reporting change >>of ownership in a timely manner. >> >>I am not sure if this has been reported earlier,

Re: StartCom & Qihoo Incidents

2016-10-22 Thread Peter Gutmann
popcorn writes: >There were comments admonishing StartCom and WoSign for not reporting change >of ownership in a timely manner. > >I am not sure if this has been reported earlier, but if not, then Qihoo 360 >change of ownership may be relevant to the current discussion:

Re: Remediation Plan for WoSign and StartCom

2016-10-22 Thread Peter Bowen
On Thu, Oct 20, 2016 at 1:57 PM, Kathleen Wilson wrote: > 1) Distrust certificates with a notBefore date after October 21, 2016 which > chain up to the following affected roots. If additional back-dating is > discovered (by any means) to circumvent this control, then

Re: Remediation Plan for WoSign and StartCom

2016-10-22 Thread Jernej Simončič
On Sat, 22 Oct 2016 16:26:51 +0200, Jakob Bohm wrote: > Thus the need for those who obtained OV code > signing certificates from StartCom to start looking for alternatives, > and my suggestion, as a public service, that someone here might chime > in with the names of small/individual developer

Re: Remediation Plan for WoSign and StartCom

2016-10-22 Thread Jakob Bohm
On 22/10/2016 14:59, Ryan Sleevi wrote: On Saturday, October 22, 2016 at 5:11:29 AM UTC-7, Jakob Bohm wrote: Talking of codesigning, which root store does Chrome use to validate signatures on the PPAPI plug ins it is currently forcing developers to switch to? I've mentioned to you repeatedly

Re: Guang Dong Certificate Authority (GDCA) root inclusion request

2016-10-22 Thread Jakob Bohm
On 21/10/2016 10:38, Han Yuwei wrote: I think this is a major mistake and an investigation should be conducted for CPS is a critical document about CA. This is not just a translation problem but a version control problem. Sometimes it can be lying. Let me try to be more specific: When

Re: Please avoid S/MIME signatures when posting to this group

2016-10-22 Thread Jakob Bohm
On 22/10/2016 02:24, Gervase Markham wrote: On 21/10/16 17:21, Eric Mill wrote: Can you confirm whether this affects people who subscribed through Google Groups but participate via email, or whether it only impacts users who read the list through the Google Groups web interface? The

Re: Draft Email - Non-Disclosed SubCAs

2016-10-22 Thread Jakob Bohm
On 21/10/2016 00:24, Gervase Markham wrote: On 20/10/16 15:05, Kathleen Wilson wrote: You are receiving this email because our records indicate that there are non-technically-constrained intermediate certificates that chain up to your root certificates that are included in Mozilla’s program

Re: Mozilla Root Store Elsewhere (Was Re: StartCom & Qihoo Incidents)

2016-10-22 Thread Jakob Bohm
On 18/10/2016 20:40, Eric Mill wrote: The first thing that comes to mind is to define an intermediate representation of per-root constraints, that Mozilla can distribute alongside certdata.txt. The simplest piece would be name constraints, but incorporating things like CT constraints and

Re: Remediation Plan for WoSign and StartCom

2016-10-22 Thread Ryan Sleevi
On Saturday, October 22, 2016 at 5:11:29 AM UTC-7, Jakob Bohm wrote: > Talking of codesigning, which root store does Chrome use to validate > signatures on the PPAPI plug ins it is currently forcing developers to > switch to? I've mentioned to you repeatedly that no one uses the code signing

Re: Globalsign accidental intermediate revocation incident

2016-10-22 Thread Jakob Bohm
On 18/10/2016 20:50, douglas.beat...@gmail.com wrote: On Monday, October 17, 2016 at 4:19:34 PM UTC-7, Jakob Bohm wrote: On 16/10/2016 09:59, Adrian R. wrote: Hello i read in the news (but not here on m.d.s.p) that a few days ago Globalsign revoked one of their intermediary roots and then

Re: Remediation Plan for WoSign and StartCom

2016-10-22 Thread Jakob Bohm
On 22/10/2016 00:57, Jernej Simončič wrote: On Fri, 21 Oct 2016 10:03:46 -0700 (PDT), Han Yuwei wrote: I am also a StartCom's SSL & S/MIME certificate user. The only problem for me is that I must re-config nginx. S/MIME have a lot of alternatives for free. Code Signing may only work on