On 18/11/2016 06:23, Brian Smith wrote:
Andrew Ayer wrote:
The N month turnaround is only a reality if operators of TCSCs start
issuing certificates that comply with the new rules as soon as the new
rules are announced. How do you ensure that this happens?
Imagine
Andrew Ayer wrote:
> The N month turnaround is only a reality if operators of TCSCs start
> issuing certificates that comply with the new rules as soon as the new
> rules are announced. How do you ensure that this happens?
>
Imagine that the TCSCs are also required to
On Thu, Nov 17, 2016 at 04:55:37PM -0800, Peter Bowen wrote:
> On Thu, Nov 17, 2016 at 4:38 PM, Matt Palmer wrote:
> >> (Note: Key pinning isn't the only advantage to being able to freely operate
> >> your own intermediate CA.)
> >
> > I don't see how freely operating your
Ryan Sleevi wrote:
> On Thu, Nov 17, 2016 at 3:12 PM, Nick Lamb wrote:
> > There's a recurring pattern in most of the examples. A technical
> counter-measure would be possible, therefore you suppose it's OK to
> screw-up and the counter-measure saves us. I
On Thu, Nov 17, 2016 at 3:12 PM, Nick Lamb wrote:
> There's a recurring pattern in most of the examples. A technical
> counter-measure would be possible, therefore you suppose it's OK to screw-up
> and the counter-measure saves us. I believe this is the wrong attitude.
On Thu, Nov 17, 2016 at 02:10:58PM -1000, Brian Smith wrote:
> Nick Lamb wrote:
> > There's a recurring pattern in most of the examples. A technical
> > counter-measure would be possible, therefore you suppose it's OK to
> > screw-up and the counter-measure saves us.
>
>
On Thu, 17 Nov 2016 09:28:43 -1000
Brian Smith wrote:
> On Mon, Nov 14, 2016 at 6:39 PM, Ryan Sleevi wrote:
>
> > As Andrew Ayer points out, currently, CAs are required to ensure
> > TCSCs comply with the BRs. Non-compliance is misissuance. Does
> >
Nick Lamb wrote:
> There's a recurring pattern in most of the examples. A technical
> counter-measure would be possible, therefore you suppose it's OK to
> screw-up and the counter-measure saves us.
Right.
> I believe this is the wrong attitude. These counter-measures
On Thursday, 17 November 2016 19:28:54 UTC, Brian Smith wrote:
> Let's say I screw up something and accidentally issue a certificate from my
> sub-CA for google.com or addons.mozilla.org. Because of the name
> constraints, this is a non-issue and shouldn't result in any sanctions on
> the
On 17/11/2016 12:19, Gervase Markham wrote:
Hi Kathleen,
On 15/11/16 00:51, Kathleen Wilson wrote:
There were some recommendations to deny this request due to the
versioning problems between the English documents and the original
documents.
Do you all still feel that is the proper answer to
On Mon, Nov 14, 2016 at 6:39 PM, Ryan Sleevi wrote:
> As Andrew Ayer points out, currently, CAs are required to ensure TCSCs
> comply with the BRs. Non-compliance is misissuance. Does Mozilla share
> that view? And is Mozilla willing to surrender the ability to detect
>
On 17/11/2016 01:14, Matt Palmer wrote:
On Wed, Nov 16, 2016 at 04:35:18PM +0100, Jakob Bohm wrote:
Redacted CT records that tell the world that "there is this single
certificate with this full TBS hash and these technical extensions
issued to some name domain/e-mail under example.com, but it
Thanks, Jakob; I'll try and replicate that to check.
Tarah Wheeler
Principal Security Advocate
Senior Director of Engineering, Website Security
Symantec
ta...@symantec.com
> On Nov 17, 2016, at 2:13 AM, "dev-security-policy-requ...@lists.mozilla.org"
>
在 2016年11月16日星期三 UTC+8下午3:59:12,wangs...@gmail.com写道:
> 在 2016年11月16日星期三 UTC+8上午1:11:05,Han Yuwei写道:
> > 在 2016年11月15日星期二 UTC+8下午7:03:07,wangs...@gmail.com写道:
> > > 在 2016年11月15日星期二 UTC+8上午8:51:25,Kathleen Wilson写道:
> > > > On Friday, October 28, 2016 at 7:29:56 AM UTC-7, wangs...@gmail.com
> > >
Hi Kathleen,
On 15/11/16 00:51, Kathleen Wilson wrote:
> There were some recommendations to deny this request due to the
> versioning problems between the English documents and the original
> documents.
>
> Do you all still feel that is the proper answer to this root
> inclusion request?
As I
15 matches
Mail list logo