Re: StartCom cross-signs disclosed by Certinomis

2017-08-02 Thread okaphone.elektronika--- via dev-security-policy
On Thursday, 3 August 2017 02:12:18 UTC+2, Matt Palmer wrote: > On Wed, Aug 02, 2017 at 06:38:44PM -0400, Jonathan Rudenberg via > dev-security-policy wrote: > > I think the correct response is to add both intermediates to OneCRL > > immediately, especially given the historic issues with StartCom

Re: DigiCert-Symantec Announcement

2017-08-02 Thread Peter Gutmann via dev-security-policy
Peter Bowen writes: >Gerv's email was clear that sale to DigiCert will not impact the plan, >saying: "any change of control of some or all of Symantec's roots would not >be grounds for a renegotiation of these dates." > >So the sanctions are still intact. Ah, I phrased my question a bit unclearl

Re: DigiCert-Symantec Announcement

2017-08-02 Thread Peter Bowen via dev-security-policy
On Wed, Aug 2, 2017 at 8:10 PM, Peter Gutmann via dev-security-policy wrote: > Jeremy Rowley via dev-security-policy > writes: > >>Today, DigiCert and Symantec announced that DigiCert is acquiring the >>Symantec CA assets, including the infrastructure, personnel, roots, and >>platforms. > > I re

Re: DigiCert-Symantec Announcement

2017-08-02 Thread Peter Gutmann via dev-security-policy
Jeremy Rowley via dev-security-policy writes: >Today, DigiCert and Symantec announced that DigiCert is acquiring the >Symantec CA assets, including the infrastructure, personnel, roots, and >platforms. I realise this is a bit off-topic for the list but someone has to bring up the elephant in th

RE: DigiCert-Symantec Announcement

2017-08-02 Thread Jeremy Rowley via dev-security-policy
* Will there be other players in Symantec's SubCA plan or is DigiCert the only one? [DC] Only DigiCert. * Is DigiCert prepared (yet?) to commit to a "first day of issuance" under the SubCA plan? That is, when is the earliest date that members of the general public may purchase cer

Re: DigiCert-Symantec Announcement

2017-08-02 Thread Peter Kurrasch via dev-security-policy
This certainly shakes things up! I've had my concerns that Symantec's plan was complicated and risky, but now I'm wondering if this new path will be somewhat simpler--yet even more risky? I'm not suggesting we sho

Re: DigiCert-Symantec Announcement

2017-08-02 Thread Peter Bowen via dev-security-policy
On Wed, Aug 2, 2017 at 2:12 PM, Jeremy Rowley via dev-security-policy wrote: > Today, DigiCert and Symantec announced that DigiCert is acquiring the > Symantec CA assets, including the infrastructure, personnel, roots, and > platforms. At the same time, DigiCert signed a Sub CA agreement wherein

Re: StartCom cross-signs disclosed by Certinomis

2017-08-02 Thread Matt Palmer via dev-security-policy
On Wed, Aug 02, 2017 at 06:38:44PM -0400, Jonathan Rudenberg via dev-security-policy wrote: > I think the correct response is to add both intermediates to OneCRL > immediately, especially given the historic issues with StartCom. +1. Also a strongly worded letter of "are you f%*king kidding me?!?

Re: StartCom cross-signs disclosed by Certinomis

2017-08-02 Thread Kathleen Wilson via dev-security-policy
Jonathan, Thank you for bringing this to our attention. I have filed two bugs... 1) https://bugzilla.mozilla.org/show_bug.cgi?id=1386891 Certinomis: Cross-signing of StartCom intermediate certs, and delay in reporting it in CCADB 2) https://bugzilla.mozilla.org/show_bug.cgi?id=1386894 Add "Star

RE: DigiCert-Symantec Announcement

2017-08-02 Thread Jeremy Rowley via dev-security-policy
Hey Nick - I plan to include all relevant OIDs in the cert. I figured that way relying parties understand the total risk associated with verification of the certificate, even if they don't know exactly the methods tied to each listed domain. If a method is eventually deemed less desirable (*cough*

RE: DigiCert-Symantec Announcement

2017-08-02 Thread Jeremy Rowley via dev-security-policy
Thanks Kathleen. We already offer short-lived certs (anywhere from 8 hours up), but they are not issued off a dedicated intermediate. It's a great suggestion, and we'll add it to the DigiCert plan. Jeremy -Original Message- From: dev-security-policy [mailto:dev-security-policy-bounces+je

Re: DigiCert-Symantec Announcement

2017-08-02 Thread Nick Lamb via dev-security-policy
On the use of OIDs to signify the Blessed Method used for validation I thought it can't hurt to mention the first obstacle for this idea which occurred to me in respect of Let's Encrypt (and more generally any CA importing ACME I think) Suppose an applicant asks for www.example.com, images.examp

StartCom cross-signs disclosed by Certinomis

2017-08-02 Thread Jonathan Rudenberg via dev-security-policy
Two certificates were disclosed by Certinomis in the CCADB today: - https://crt.sh/?q=F6044A7B147C26BABAB17C5189A09BE781919E95E26F8014D6A8B9880A6BABED - https://crt.sh/?q=6D9A258172F5CD1BDFF447EF64F9A9593070F4ACCBFD07465E4A7CBD205A5CFC These certificates are cross-signs of StartCom’s "StartCom

Re: DigiCert-Symantec Announcement

2017-08-02 Thread Kathleen Wilson via dev-security-policy
On Wednesday, August 2, 2017 at 2:13:40 PM UTC-7, Jeremy Rowley wrote: > Today, DigiCert and Symantec announced that DigiCert is acquiring the > Symantec CA assets, including the infrastructure, personnel, roots, and > platforms. At the same time, DigiCert signed a Sub CA agreement wherein we > wi

DigiCert-Symantec Announcement

2017-08-02 Thread Jeremy Rowley via dev-security-policy
Hi everyone, Today, DigiCert and Symantec announced that DigiCert is acquiring the Symantec CA assets, including the infrastructure, personnel, roots, and platforms. At the same time, DigiCert signed a Sub CA agreement wherein we will validate and issue all Symantec certs as of Dec 1, 2017.

Re: Certificate with invalid CN and dnsName issued by certSIGN

2017-08-02 Thread Jonathan Rudenberg via dev-security-policy
> On Aug 2, 2017, at 12:28, Jonathan Rudenberg via dev-security-policy > wrote: > > This certificate, issued on July 27 by certSIGN, has an invalid common name > of “todyro_2017” and an invalid SAN dnsName of “ tody.ro” (note the leading > space): > > https://crt.sh/?q=93EACBC95AE53D57322CA9

Re: Certificate with invalid dnsName issued from Baltimore intermediate

2017-08-02 Thread Nick Lamb via dev-security-policy
On Monday, 24 July 2017 17:34:03 UTC+1, Ben Wilson wrote: > Nick, > We are in discussions with Intesa Sanpaolo about implementing/pursuing > OneCRL or a similar approach (e.g. outright revocation of the CAs). > Thanks, > Ben Is there any progress on this? To be honest I was more meaning that Mozi

Certificate with invalid CN and dnsName issued by certSIGN

2017-08-02 Thread Jonathan Rudenberg via dev-security-policy
This certificate, issued on July 27 by certSIGN, has an invalid common name of “todyro_2017” and an invalid SAN dnsName of “ tody.ro” (note the leading space): https://crt.sh/?q=93EACBC95AE53D57322CA9646DCF260AE240369714906CD464561402BF32CE96&opt=cablint

Re: Intermediates missing audit disclosures (Firmaprofesional)

2017-08-02 Thread Jonathan Rudenberg via dev-security-policy
> On Aug 2, 2017, at 12:02, Jonathan Rudenberg via dev-security-policy > wrote: > > There are still three intermediates (one issued by Firmaprofesional and two > issued by Swisscom) that are missing audit disclosures in the CCADB and do > not have a pending OneCRL revocation: > > - > https:

Intermediates missing audit disclosures (Firmaprofesional and Swisscom)

2017-08-02 Thread Jonathan Rudenberg via dev-security-policy
There are still three intermediates (one issued by Firmaprofesional and two issued by Swisscom) that are missing audit disclosures in the CCADB and do not have a pending OneCRL revocation: - https://crt.sh/?sha256=cbc689c87a63fa7323a7607cc7c457b3b450572befa47470b61c35bf079b600b (see https://bu

Undisclosed Taiwan GRCA intermediates

2017-08-02 Thread Jonathan Rudenberg via dev-security-policy
Two intermediates were issued by the Taiwan Government Root Certification Authority two weeks ago and have not been disclosed in CCADB: - https://crt.sh/?sha256=a423a33493b31953226df96477627dbd056756704211001b6161fb5f8299dc3a - https://crt.sh/?sha256=dd9c545d6b645c2bfbe1b6ecb60376006464e97bb130

Re: Found something I can't understand in these certificates.

2017-08-02 Thread Jakob Bohm via dev-security-policy
On 02/08/2017 04:28, Han Yuwei wrote: On Tuesday, 1 August 2017 20:47:57 UTC+8, Nick Lamb wrote: On Tuesday, 1 August 2017 08:39:28 UTC+1, Han Yuwei wrote: 1. the CN of two certificates are same. So it is not necessary to issue two certificates in just 2 minutes. I think the most likely explanation is the d