Re: DigiCert policy violation - non-disclosure of https://crt.sh/?id=160110886

2017-07-04 Thread Nick Lamb via dev-security-policy
On Tuesday, 4 July 2017 10:50:43 UTC+1, Jeremy Rowley wrote:
> I'm an idiot. The discussion wasn't meant to be a red herring. Just a
> momentary lapse in intelligence...
>
> It really looks like this from a validation perspective, right? EE ->
> Self-signed -> Issuing CA (as it has the same

RE: DigiCert policy violation - non-disclosure of https://crt.sh/?id=160110886

2017-07-04 Thread Jeremy Rowley via dev-security-policy
Thanks Rob. Appreciate the links.

-Original Message-
From: Rob Stradling [mailto:rob.stradl...@comodo.com]
Sent: Tuesday, July 4, 2017 3:50 AM
To: Jeremy Rowley ; mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: DigiCert policy violation -

RE: DigiCert policy violation - non-disclosure of https://crt.sh/?id=160110886

2017-07-04 Thread Jeremy Rowley via dev-security-policy
I'm an idiot. The discussion wasn't meant to be a red herring. Just a momentary lapse in intelligence...

It really looks like this from a validation perspective, right?

EE -> Self-signed -> Issuing CA (as it has the same key) -> DigiCert Root

Yeah - I agree it should have been disclosed.

Re: DigiCert policy violation - non-disclosure of https://crt.sh/?id=160110886

2017-07-04 Thread Rob Stradling via dev-security-policy
Hi Jeremy. I'm not aware of any formal definition in any RFC of the phrase "transitively chains". My recollection (and Hanno's [1]) is that this terminology dates back to the 2010 write-up of the EFF SSL Observatory [2], in which the word "transvalid" was coined. [1]