Thanks for finding this, Nick. We're in the process of revoking the cert you
found, and searching for any others. We'll get back to you when we're done.
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
Hi Nick,
I expect that our auditors would have noticed and reported if we had not
tried to comply with 7.1.4.2.1.
Our next WebTrust audit starts shortly and I anticipate that the criteria
used will be
"WebTrust Principles and Criteria for Certification Authorities - SSL
Baseline with Network
I'll go through those in the next day or so and fix the CPS and audit settings.
Ben Wilson, JD, CISA, CISSP
DigiCert VP Compliance
-Original Message-
From: dev-security-policy
[mailto:dev-security-policy-bounces+ben=digicert@lists.mozilla.org] On
Behalf Of Rob Stradling
Sent:
It probably should not be same as parent. Ben will update it.
-Original Message-
From: Rob Stradling [mailto:rob.stradl...@comodo.com]
Sent: Monday, January 9, 2017 10:02 AM
To: Jeremy Rowley ;
mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Update
On 09/01/17 16:35, Jeremy Rowley wrote:
Hi Rob - thanks for following up.
The Belgium root was granted an extension by the browsers until January 15th
to complete the audit and January 31st to submit the audit report. We are
still told they are hosted by Verizon and, considering the audit
Not many websites, but all of the Belgium ID cards would end up being
revoked.
Although Belgium is only issuing client certs, the issuing CA is not
technically constrained, meaning a BR, Network security, and standard
WebTrust audit is required. We are currently waiting for the results of the
On 2017-01-09 17:28, Rob Stradling wrote:
On 03/11/16 19:34, Jeremy Rowley wrote:
Hi Jeremy.
7. The Belgium government is our biggest challenge in migrating
Verizon customers. With over 20 issuing CAs, Belgium has the largest
outstanding non-compliant infrastructure. The operators have
On Monday, 9 January 2017 14:05:25 UTC, Robin Alden wrote:
> Nick,
> Thanks for the heads-up.
> We agree that the certificates you found should have been revoked.
Thank you Robin for investigating this, for your explanation of what happened
and for the sensible response of CT logging and
Hi Rob - thanks for following up.
The Belgium root was granted an extension by the browsers until January 15th
to complete the audit and January 31st to submit the audit report. We are
still told they are hosted by Verizon and, considering the audit progress, I
have no reason to doubt this.
On 03/11/16 19:34, Jeremy Rowley wrote:
Hi Jeremy.
7. The Belgium government is our biggest challenge in migrating Verizon
customers. With over 20 issuing CAs, Belgium has the largest outstanding
non-compliant infrastructure. The operators have also claimed that revoking
their
Nick,
Thanks for the heads-up.
We agree that the certificates you found should have been revoked.
We revoked a body of certificates on 1st October 2016 in accordance with
7.1.4.2.1.
Regrettably a mistake was made when we created the list of certificates to
be revoked.
As a word of
11 matches
Mail list logo