Re: (Possible) DigiCert EV Violation

2017-02-27 Thread Ryan Sleevi via dev-security-policy
On Mon, Feb 27, 2017 at 2:19 PM, Jeremy Rowley via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > The requirements don't specify what to do with this information. I know > our product team interpreted this as part of the validation methods and > exchange of key information,

RE: (Possible) DigiCert EV Violation

2017-02-27 Thread Jeremy Rowley via dev-security-policy
I was just going to respond with something similar. Appendix F: "A CA may issue an EV Certificate with .onion in the right-most label of the Domain Name provided that issuance complies with the requirements set forth in this Appendix: 1. CAB Forum Tor Service Descriptor Hash extension

Re: (Possible) DigiCert EV Violation

2017-02-27 Thread Peter Bowen via dev-security-policy
On Mon, Feb 27, 2017 at 1:41 PM, Ryan Sleevi via dev-security-policy wrote: > The EV Guidelines require certificates issued for .onion include the > cabf-TorServiceDescriptor extension, defined in the EV Guidelines, as part of > these certificates. This is

(Possible) DigiCert EV Violation

2017-02-27 Thread Ryan Sleevi via dev-security-policy
The EV Guidelines require certificates issued for .onion include the cabf-TorServiceDescriptor extension, defined in the EV Guidelines, as part of these certificates. This is required by Section 11.7.1 (1) of the EV Guidelines, reading: "For a Certificate issued to a Domain Name with .onion in

Re: Suspicious test.com Cert Issued By GlobalSign

2017-02-27 Thread Gervase Markham via dev-security-policy
Hi Doug, On 15/02/17 17:09, Gervase Markham wrote: > But currently GlobalSign employees still are? > > If so, can you help us understand why that's necessary? Given that you > control the domains used for testing, you should be able to set them up > to auto-pass some form of automated

Re: GlobalSign BR violation

2017-02-27 Thread Nick Lamb via dev-security-policy
On Monday, 27 February 2017 00:53:46 UTC, Itzhak Daniel wrote: > How are those lines parsed? What happens when a client reaches a whitespace? > Will this allow 'vietnamairlines.com' to use 'owa', 'mail' and 'autodiscover' > in their internal infrastructure? Because they're dnsNames a correctly