Re: Unknown Intermediates

2017-06-16 Thread Andrew Ayer via dev-security-policy
On Fri, 16 Jun 2017 10:29:45 -0700 Tavis Ormandy via dev-security-policy wrote: > On Fri, Jun 16, 2017 at 2:00 AM, Rob Stradling > wrote: > > > On 16/06/17 06:05, Tavis Ormandy via dev-security-policy wrote: > > > >> Hello, I was

Re: Unknown Intermediates

2017-06-16 Thread Tavis Ormandy via dev-security-policy
On Fri, Jun 16, 2017 at 2:00 AM, Rob Stradling wrote: > On 16/06/17 06:05, Tavis Ormandy via dev-security-policy wrote: > >> Hello, I was crawling the pkcs7 blobs in public pdf files and found some >> intermediate certificates that don't appear in crt.sh. >> >> I

Re: Unknown Intermediates

2017-06-16 Thread Jonathan Rudenberg via dev-security-policy
> On Jun 16, 2017, at 05:00, Rob Stradling via dev-security-policy > wrote: > > On 16/06/17 06:05, Tavis Ormandy via dev-security-policy wrote: >> Hello, I was crawling the pkcs7 blobs in public pdf files and found some >> intermediate certificates that

Re: Symantec response to Google proposal

2017-06-16 Thread Peter Kurrasch via dev-security-policy
My thoughts:2) Timeline.I agree with Symantec that Google's original deadlines are far too aggressive, for 2 reasons. First, I do not think Symantec can move quickly without causing further damage. Second, I do

Re: Unknown Intermediates

2017-06-16 Thread Rob Stradling via dev-security-policy
On 16/06/17 06:05, Tavis Ormandy via dev-security-policy wrote: Hello, I was crawling the pkcs7 blobs in public pdf files and found some intermediate certificates that don't appear in crt.sh. I forwarded them to Rob, I don't know if this is useful to anyone else, but they're available here.