RE: Symantec Update on SubCA Proposal

2017-08-13 Thread Jeremy Rowley via dev-security-policy
Hi wizard, Although DigiCert will acquire the assets related to Symantec’s CA business, DigiCert is not required to use those assets in its business operations. We are organizing the operations of DigiCert to meet the requirements established in the Managed CA proposal. This includes having

Re: 2017.08.10 Let's Encrypt Unicode Normalization Compliance Incident

2017-08-13 Thread Peter Bowen via dev-security-policy
On Sun, Aug 13, 2017 at 5:59 PM, Matt Palmer via dev-security-policy wrote: > On Fri, Aug 11, 2017 at 06:32:11PM +0200, Kurt Roeckx via dev-security-policy > wrote: >> On Fri, Aug 11, 2017 at 11:48:50AM -0400, Ryan Sleevi via >> dev-security-policy wrote:

Re: 2017.08.10 Let's Encrypt Unicode Normalization Compliance Incident

2017-08-13 Thread Matt Palmer via dev-security-policy
On Fri, Aug 11, 2017 at 06:32:11PM +0200, Kurt Roeckx via dev-security-policy wrote: > On Fri, Aug 11, 2017 at 11:48:50AM -0400, Ryan Sleevi via dev-security-policy > wrote: > > On Fri, Aug 11, 2017 at 11:40 AM, Nick Lamb via dev-security-policy < > > dev-security-policy@lists.mozilla.org>

Re: Certificates with less than 64 bits of entropy

2017-08-13 Thread Nick Lamb via dev-security-policy
On Sunday, 13 August 2017 04:04:45 UTC+1, Eric Mill wrote: > While not every issuing CA may take security seriously enough to employ > engineers on staff who can research, author and deploy a production code > fix in a 24 hour period, every issuing CA should be able to muster the > strength to