Re: Issuer field in the CRL should be byte-for-byte equivalent with that in cert

2017-02-02 Thread Jakob Bohm
On 03/02/2017 05:22, Ryan Sleevi wrote: On Thu, Feb 2, 2017 at 3:59 PM, Jakob Bohm wrote: On 02/02/2017 00:46, Kathleen Wilson wrote: All, I've added another Potentially Problematic Practice, as follows. https://wiki.mozilla.org/CA:Problematic_Practices#Issuer_Encoding_in_CRL The encoding

Re: Issuer field in the CRL should be byte-for-byte equivalent with that in cert

2017-02-02 Thread Ryan Sleevi
On Thu, Feb 2, 2017 at 3:59 PM, Jakob Bohm wrote:
> On 02/02/2017 00:46, Kathleen Wilson wrote:
>
>> All,
>>
>> I've added another Potentially Problematic Practice, as follows.
>>
>> https://wiki.mozilla.org/CA:Problematic_Practices#Issuer_Encoding_in_CRL
>> The encoding of the Issuer field in th

Re: Issuer field in the CRL should be byte-for-byte equivalent with that in cert

2017-02-02 Thread Jakob Bohm
On 02/02/2017 00:46, Kathleen Wilson wrote: All, I've added another Potentially Problematic Practice, as follows. https://wiki.mozilla.org/CA:Problematic_Practices#Issuer_Encoding_in_CRL The encoding of the Issuer field in the CRL should be byte-for-byte equivalent with the encoding of the Iss

Re: Taiwan GRCA Root Renewal Request

2017-02-02 Thread Kathleen Wilson
On Tuesday, December 13, 2016 at 2:36:15 PM UTC-8, Kathleen Wilson wrote:
> Thanks to all of you who have reviewed and commented on this request from
> Government of Taiwan, Government Root Certification Authority (GRCA), to
> include their renewed Government Root Certification Authority root
>

Re: Taiwan GRCA Root Renewal Request

2017-02-02 Thread Kathleen Wilson
On Thursday, December 15, 2016 at 10:56:52 AM UTC-8, Brian Smith wrote:
> It is important to fix the DoS issue with the path building when there
> are many choices for the same subject. SKI/AKI matching only fixes the
> DoS issue for benign cases, not malicious cases. Therefore some way of
> limiti

RE: Useful Heuristics

2017-02-02 Thread Robin Alden
Peter Gutmann said..
> For the little other use that certs get, the government body that's
> behind their use (or, occasionally, a corporate) decides what goes
> in each of the DN components. They define the use, and typically
> issue the certs, so they can specify whatever they want for the DN.

Include Renewed Kamu SM root certificate

2017-02-02 Thread Kathleen Wilson
This request from the Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM), is to include the “TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1” root certificate, and enable the Websites trust bit. This SHA-256 root certificate will eventually replace the SHA1 “TÜBİTAK UEKAE Kök Sertifika Hiz

Re: Guang Dong Certificate Authority (GDCA) root inclusion request

2017-02-02 Thread Kathleen Wilson
On Wednesday, November 23, 2016 at 6:00:57 AM UTC-8, wangs...@gmail.com wrote:
> The answer is yes. That’s why we need to apply for root inclusion. We also
> upload the latest version of CP/CPS here for your convenience.
> 1. GDCA CP Ver 1.5
> https://bug1128392.bmoattachments.org/attachment.cgi

RE: Suspicious test.com Cert Issued By GlobalSign

2017-02-02 Thread Doug Beattie
Hi Nick, Yes, we have controls in place that trigger domain re-vetting in accounts prior to the max allowed by the BRs to assure that domains are not used beyond the 13/39 month limits. Doug
> -Original Message-
> From: dev-security-policy [mailto:dev-security-policy-
> bounces+doug.be

Re: Useful Heuristics

2017-02-02 Thread Peter Gutmann
Nick Lamb writes:
>In practice then I think we should try to ask local experts (ie people at
>least resident in the relevant country) when trying to judge whether the
>Locality and State elements of a Subject DN are acceptable for identifying
>the actual Subject unless it is very obvious (as with