Re: Unknown Intermediates

2017-06-23 Thread Rob Stradling via dev-security-policy
On 23/06/17 14:49, Peter Bowen via dev-security-policy wrote: On Fri, Jun 23, 2017 at 6:17 AM, Rob Stradling via dev-security-policy wrote: On 23/06/17 14:10, Kurt Roeckx via dev-security-policy wrote: On 2017-06-23 14:59, Rob Stradling wrote:

Mozilla Root Store Policy 2.5 Published

2017-06-23 Thread Gervase Markham via dev-security-policy
Version 2.5 of Mozilla's CA Policy has now been published. You can find it here: https://github.com/mozilla/pkipolicy/blob/2.5/rootstore/policy.md This document incorporates by reference the Common CCADB Policy 1.0.1: https://github.com/mozilla/pkipolicy/blob/2.5/ccadb/policy.md or

Re: Unknown Intermediates

2017-06-23 Thread Jakob Bohm via dev-security-policy
On 23/06/2017 14:59, Rob Stradling wrote: On 22/06/17 10:51, Rob Stradling via dev-security-policy wrote: On 19/06/17 20:41, Tavis Ormandy via dev-security-policy wrote: Is this useful? If not, what key usage is interesting? https://lock.cmpxchg8b.com/ServerOrAny.zip Thanks for this,

Re: Unknown Intermediates

2017-06-23 Thread Peter Bowen via dev-security-policy
On Fri, Jun 23, 2017 at 6:17 AM, Rob Stradling via dev-security-policy wrote:
> On 23/06/17 14:10, Kurt Roeckx via dev-security-policy wrote:
>> On 2017-06-23 14:59, Rob Stradling wrote:
>>> Reasons:
>>> - Some are only trusted by the old Adobe CDS

Re: Unknown Intermediates

2017-06-23 Thread Rob Stradling via dev-security-policy
On 23/06/17 14:10, Kurt Roeckx via dev-security-policy wrote: On 2017-06-23 14:59, Rob Stradling wrote: Reasons: - Some are only trusted by the old Adobe CDS program. - Some are only trusted for Microsoft Kernel Mode Code Signing. - Some are very old roots that are no longer trusted.

Re: Unknown Intermediates

2017-06-23 Thread Kurt Roeckx via dev-security-policy
On 2017-06-23 14:59, Rob Stradling wrote: Reasons: - Some are only trusted by the old Adobe CDS program. - Some are only trusted for Microsoft Kernel Mode Code Signing. - Some are very old roots that are no longer trusted. I wonder if Google's daedalus would like to see some of those.

Re: Unknown Intermediates

2017-06-23 Thread Rob Stradling via dev-security-policy
On 22/06/17 10:51, Rob Stradling via dev-security-policy wrote: On 19/06/17 20:41, Tavis Ormandy via dev-security-policy wrote: Is this useful? If not, what key usage is interesting? https://lock.cmpxchg8b.com/ServerOrAny.zip Thanks for this, Tavis. I pointed my certscraper